81 matches found

CVE
added 2023/06/09 5:33 a.m. · 39 views

CVE-2023-2084

CVE-2023-2084 affects the WordPress Essential Blocks plugin for WordPress, vulnerable up to version 4.0.6. The root cause is a missing capability check in the get function, allowing subscriber-level attackers to read or obtain plugin settings. Although a nonce check exists, it only runs when a no...

CVSS 4.3 · AI score 4.3 · EPSS 0.00165
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/02/13 12:0 a.m. · 2 views

PT-2023-35003 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9
Description: The issue is related to a double increment of client count in the dma_chan_get function. This problem was introduced in version v4.0 and is fixed in Linux Kernel version v6.1.9. The actual...

AI score 7
Exploits 0 · References 1
Positive Technologies
added 2023/01/02 12:0 a.m. · 3 views

PT-2023-10189 · Opendns · Opendns Openresolve

Name of the Vulnerable Software and Affected Versions: OpenDNS OpenResolve, affected versions not specified
Description: A problem was found in OpenDNS OpenResolve, related to the function get of the file resolverapi/endpoints.py of the component API. This issue leads to cross-site scripting. The...

CVSS 6.1 · AI score 4.1 · EPSS 0.00291
Exploits 0 · References 5
Positive Technologies
added 2022/11/24 12:0 a.m. · 2 views

PT-2022-25826 · Unknown · Qmpass/Leadshop

Name of the Vulnerable Software and Affected Versions: qmpass/leadshop version 1.4.15
Description: The issue allows an attacker to control the target host by calling any function in leadshop.php via the GET method, potentially leading to remote code execution (RCE). This can enable an attacker to...

CVSS 9.8 · AI score 8.9 · EPSS 0.00452
Exploits 1 · References 7
RedHat Linux
added 2022/10/27 1:4 p.m. · 3 views

rubygem-tzinfo: arbitrary code execution

A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...

CVSS 8.1 · AI score 6.6 · EPSS 0.03833
Exploits 1 · References 5
NVD
added 2022/08/23 5:15 a.m. · 17 views

CVE-2022-25302

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message...

CVSS 7.5 · EPSS 0.00334
Exploits 0 · References 1
Prion
added 2022/08/23 5:15 a.m. · 6 views

Design/Logic Flaw

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message...

CVSS 5 · AI score 7.5 · EPSS 0.00334
Exploits 0 · References 1
CNNVD
added 2022/08/18 12:0 a.m. · 1 views

libjpeg buffer error vulnerability

libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding and other JPEG functions. A buffer error vulnerability exists in libjpeg commit number: 281daa9, which stems from a memory segment error in HuffmanDecoder::Get in its huffmandecoder.hpp...

CVSS 6.5 · AI score 6.7 · EPSS 0.00436
Exploits 1 · References 2
Veracode
added 2022/08/03 4:59 p.m. · 20 views

OS Command Injection

Heroku-env is vulnerable to OS command injection. The vulnerability is due to the function get that executes a shell command with unsanitized user input. An attacker can inject shell code using the app parameter, using the control operator & or && followed by an arbitrary command...

CVSS 9.8 · AI score 9.4 · EPSS 0.00513
Exploits 1 · Affected Software 1
OSV
added 2022/05/26 4:15 p.m. · 1 views

ALPINE-CVE-2022-30784

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22...

CVSS 7.8 · AI score 7 · EPSS 0.00029
Exploits 0 · References 1
Positive Technologies
added 2021/10/25 12:0 a.m. · 1 views

PT-2021-23565 · Gjson · Gjson

Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.9.3
Description: The issue allows attackers to cause a ReDoS regular...

CVSS 7.5 · AI score 7.6 · EPSS 0.00161
Exploits 1 · References 17
OSV
added 2021/09/20 4:15 p.m. · 1 views

DEBIAN-CVE-2021-39516

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service...

CVSS 6.5 · AI score 6.4 · EPSS 0.00258
Exploits 1 · References 1
Snyk
added 2021/03/24 6:16 p.m. · 1 views

Arbitrary Code Execution

Overview: total.js is a framework for the Node.js platform written in pure JavaScript, similar to PHP's Laravel, Python's Django or ASP.NET MVC. It can be used as a web, desktop, service or IoT application. Affected versions of this package are vulnerable to Arbitrary Code Execution via the U.set and...

CVSS 9.8 · AI score 7.2 · EPSS 0.0534
Exploits 2 · References 2
Positive Technologies
added 2020/06/01 12:0 a.m. · 3 views

PT-2020-3580 · Google +4 · Android +4

Name of the Vulnerable Software and Affected Versions: Android versions Android-10
Description: The issue is related to a use-after-free vulnerability in the cdev_get function of char_dev.c due to a race condition. This could lead to local escalation of privilege with System execution privileges...

CVSS 9.8 · AI score 7.6 · EPSS 0.46733
Exploits 51 · References 1564
Positive Technologies
added 2020/05/08 12:0 a.m. · 2 views

PT-2020-13233 · Acutect +3 · Tcpreplay +3

Name of the Vulnerable Software and Affected Versions: Tcpreplay versions 4.3.2 and earlier
Description: The issue is a heap-based buffer over-read that occurs during a get c operation, specifically triggered in the function get_ipv6_next at common/get.c.
Recommendations: For Tcpreplay versions...

CVSS 9.8 · AI score 6.8 · EPSS 0.00752
Exploits 16 · References 69
Positive Technologies
added 2017/05/23 12:0 a.m. · 3 views

PT-2017-4091 · Jbig2Dec +2 · Jbig2Dec +2

Name of the Vulnerable Software and Affected Versions: jbig2dec version 0.13
Description: The issue is related to a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. This can cause a crash, such as a segmentation fault, when parsing an invalid file. For example, the...

CVSS 9.9 · AI score 6.1 · EPSS 0.92931
Exploits 34 · References 101
OSV
added 2017/05/08 2:29 p.m. · 14 views

CVE-2017-8847

The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive...

CVSS 5.5 · AI score 6.7
Exploits 0 · References 3
UbuntuCve
added 2017/05/08 2:29 p.m. · 17 views

CVE-2017-8842

The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive...

CVSS 5.5 · AI score 6.9 · EPSS 0.00184
Exploits 0 · References 2
Prion
added 2017/05/08 2:29 p.m. · 8 views

Denial of service

The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive...

CVSS 4.3 · AI score 5.4 · EPSS 0.00184
Exploits 0 · References 3 · Affected Software 1
Debian CVE
added 2017/05/08 2:0 p.m. · 30 views

CVE-2017-8847

The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive...

CVSS 5.5 · AI score 7 · EPSS 0.00184
Exploits 0