132 matches found
Heap-based Buffer Overflow
Overview: OpenEXR is a Python binding for the OpenEXR image file format. Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the undozipimpl function during a write operation when decompressing ZIPS-packed deep scan-line EXR files. An attacker can write arbitrary data to...
org.onosproject:onos-drivers-arista (>=1.7.0 <=1.8.9), org.onosproject:onos-drivers-ciena (>=1.7.0 <=1.8.9) +13 more potentially affected by CVE-2023-41591 via org.onosproject:onos-core-net (>=1.7.0 <=2.5.7-rc2)
org.onosproject:onos-core-net MAVEN version =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.8.0, =1.7.1, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =3.0.0, =3.0.0, =3.0.0, =4.0.0-rc1 Source cves: CVE-2023-41591 Source advisory: SNYK:JAVA-ORGONOSPROJECT-10658543...
CVE-2025-0409
A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to...
CVE-2025-0406
A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname leads to sql injection. It is possible to...
CVE-2025-0408
A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosName leads to sql injection. The attack may ...
gymxmjpa Security Vulnerability
gymxmjpa is a gym management system from the individual developer liujianview. A security vulnerability exists in gymxmjpa version 1.0, which originates from an SQL injection vulnerability in the loosName parameter of the LoosDaoImpl function in the...
CVE-2024-12829
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within...
The vulnerability of the audit plugin (of the TracePluginImpl class in the TracePluginImpl module) of the “Red Database” database management system allows a perpetrator to influence audit records.
The vulnerability of the audit plugin of the TracePluginImpl class within the TracePluginImpl module of the “Red Database” database management system relates to the possibility of assigning incorrect severity and facility parameters to certain events when these events are recorded in the OS syslo...
PT-2024-40838 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a security exception, with details provided in an OSS-Fuzz report. The crash state involves methods such as...
PT-2023-18169 · Google · Android
Name of the Vulnerable Software and Affected Versions: TelecomServiceImpl.java (affected versions not specified). Description: The issue is related to a missing permission check in the registerPhoneAccount function of TelecomServiceImpl.java, which could lead to local information disclosure. This...
com.chutneytesting:action-impl (>=2.2.1 <=2.5.1), com.chutneytesting:chutney-junit-engine (>=2.2.1 <=2.5.1) +37 more potentially affected by CVE-2023-46604 via org.apache.activemq:activemq-openwire-legacy (>=5.18.0 <=5.18.2)
org.apache.activemq:activemq-openwire-legacy MAVEN version =5.18.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =RC0-0.19.12-2023-10-27, =RC0-0.19.12-2023-10-27, =RC0-0.19.12-2023-10-27, =RC0-0.19.12-2023-10-27, =2.19.1, =5.18.0, =5.18.0, =5.18.0, =5.18.0, =5.18.0, =5.18.0, =5.18.2 and more Source cves:...
CVE-2023-20965
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-29578
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::MP4StringProperty function at src/mp4property.cpp...
Ivanti Avalanche SQL Injection Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. Ivanti Avalanche version 6.3.2.3490 suffers from a SQL injection vulnerability that stems from a crafted request in...
CVE-2023-21021
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
SUSE CVE-2015-1237
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/renderframeimpl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages...
io.apiman:apiman-manager-api-micro (>=1.5.7.Final <=2.2.3.Final), io.apiman:apiman-manager-api-war (>=1.5.7.Final <=2.0.0.Final) +3 more potentially affected by CVE-2022-47551 via io.apiman:apiman-manager-api-rest-impl (>=1.5.7.Final <=2.2.3.Final)
io.apiman:apiman-manager-api-rest-impl MAVEN version =1.5.7.Final, =1.5.7.Final, =1.5.7.Final, =1.5.7.Final, =1.5.7.Final, =1.5.7.Final, =2.2.3.Final Source cves: CVE-2022-47551 Source advisory: OSV:GHSA-J94P-HV25-RM5G...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via the `jexl.createExpression(expression).evaluate(context);` functionality, due to improper user input validation. Remediation: There is no fixed version for com.bstek.uflo:uflo-core...
CVE-2022-20398
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2022-36862
A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...