1477 matches found
The vulnerability of the Snowflake Golang driver for working with the cloud-based data processing and storage platform allows a perpetrator to execute arbitrary code.
The vulnerability of the Snowflake Golang driver for working with cloud-based data processing and storage platforms is related to the lack of measures to clean incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the WlanMacFilterRpm component (/userRpm/WlanMacFilterRpm.htm) of the TP-Link routers TL-WR940N, TL-WR841N, and TL-WR740N allows a malicious actor to gain unauthorized access to protected information or cause service failures.
The vulnerability of the WlanMacFilterRpm component (/userRpm/WlanMacFilterRpm.htm) of the TP-Link TL-WR940N, TL-WR841N, and TL-WR740N routers is related to the copying of buffers without checking the size of input data when processing the Mac key parameter. Exploiting this vulnerability can allow ...
CVE-2023-3040 Out of Bounds Access Leading to Undefined Behavior
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a merged in PR 14, contained an out-of-bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that...
PT-2023-3283 · Palo Alto Networks +1 · Globalprotect +2
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect Agent (affected versions not specified). Description: The issue is related to errors in processing input data in the GlobalProtect Agent. It allows an attacker to execute arbitrary commands with elevated...
The vulnerability of the microprogramming software for WAGO CC100 programmable logic controllers and the microprogramming software for WAGO Touch Panel 600 sensors is related to insufficient verification of input data.
The vulnerability of the microprogramming software used in WAGO CC100 programmable logic controllers and the microprogramming software for WAGO Touch Panel 600 sensors is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker to gain access to...
kernel: udmabuf: improper validation of array index leading to local privilege escalation
A flaw was found in the Linux kernel's udmabuf device driver, within a fault handler. This issue occurs due to the lack of proper validation of user-supplied data, which can result in memory access past the end of an array. This may allow an attacker to escalate privileges and execute arbitrary...
Vulnerability of the built-in code editor of the content management system (CMS) 1C-Bitrix: Site management related to input data processing errors, allowing attackers to execute arbitrary code
Vulnerability of the built-in code editor of the content management system (CMS) 1C-Bitrix: Website management is associated with errors in data input processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Rockwell Automation’s distributed controller software ArmorStart ST, related to deficiencies in input data validation by users, allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to deficiencies in the validation of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file resulting in a program crash or denial of service.
...
CVE-2023-2731
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...
The vulnerability of the libcms_cli module in NETGEAR RAX30 router microprogramming software allows a hacker to execute arbitrary code in the root context.
The vulnerability of the libcms_cli module in NETGEAR RAX30 router microprogramming software is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the root context...
The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to disclose protected information.
The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...
The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
The vulnerability of the udmabuf_vm_fault() function in the drivers/dma-buf/udmabuf.c module of the Linux kernel allows an attacker to escalate their privileges and execute arbitrary code.
The vulnerability of the udmabuf_vm_fault() function in the drivers/dma-buf/udmabuf.c module of Linux operating systems is related to unvalidated array indexing due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute...
The vulnerability of the NSSwitch component of the Oracle Solaris operating system, related to errors in processing input data
The vulnerability of the NSSwitch component in the Oracle Solaris operating system is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability of the Oracle Solaris operating system’s Utility component, related to errors in processing input data
The vulnerability of the Oracle Solaris operating system’s Utility component is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the IBM DB2 database management system, related to errors in processing input data, allows a perpetrator to cause a service failure.
The vulnerability of the IBM DB2 database management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
HexUtils.hexStringToBytes32() and HexUtils.hexToAddress() may return incorrect results
Lines of code. Vulnerability details. Impact: HexUtils.hexStringToBytes32 and HexUtils.hexToAddress may return incorrect results if the input data provided is not in a standard format. This could cause the contract to behave abnormally in some scenarios or be exploited for malicious purposes...