The vulnerability of the JFrog Artifactory repository management platform, related to errors in processing input data, allows a perpetrator to carry out a cache poisoning attack.
The vulnerability of the JFrog Artifactory repository management platform is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute a cache poisoning attack remotely...
WordPress plugin Community Events security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
PT-2024-6402 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt affected versions not specified Description: The issue is related to the implementation of the SAE H2E authentication protocol in the OpenWrt embedded operating system, which is affected by errors in handling input data. This could...
ROS-20240731-05
A vulnerability in the SHA-3 cryptographic hash function of the eXtended Keccak Code Package XKCP software package is related to errors in block processing of input data and type conversion. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code during...
CVE-2024-42130
Removed by vendor...
ROS-20240730-08
Eclipse Jetty servlet container vulnerability is related to errors in processing input data length parameters. Exploitation of the vulnerability could allow an attacker acting remotely to perform an "HTTP request smuggling" attack. The Eclipse Jetty servlet container...
ROS-20240729-03
A vulnerability in the GLPI reports plugin of the GLPI reports system is related to incorrect neutralization of input data during web page generation. Exploitation of the vulnerability could allow a remote attacker to conduct XSS attacks...
ROS-20240729-07
Vulnerability in the GLPI request and incident handling system related to improper privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to steal confidential information. Vulnerability in the GLPI reporting plugin is related to improper...
SDoP security vulnerability
SDoP is a simple DocBook processor by individual developer Philip Hazel. A security vulnerability exists in SDoP versions prior to 1.11 that stems from an inability to properly handle certain parameters in input data. An attacker exploiting this vulnerability could execute arbitrary code...
PT-2024-29612 · Sdop +1 · Sdop +1
Name of the Vulnerable Software and Affected Versions: SDoP versions prior to 1.11 Description: The issue is related to the handling of parameters inside input data, resulting in a stack-based buffer overflow. This can lead to arbitrary code execution when a user processes a specially crafted XML...
The vulnerability of the GLPI system’s request and incident handling process, related to improper elimination of input data during the generation of web pages, allows a malicious actor to create malicious external links.
The vulnerability of the GLPI system for handling requests and incidents is related to the improper elimination of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to create a malicious external link...
ROS-20240726-08
Vulnerability in the httpjson component of Elastic Stack Filebeat is due to a bug in the httpjson input, because of which the contents of the Authorization or Proxy-Authorization HTTP request header may be written into the debug logs. Exploitation of the vulnerability could allow an attacker...
ROS-20240723-05
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges. A vulnerability in the...
The vulnerability of the SCADA system MasterSCADA 4D, related to errors in processing input data, allows an intruder to trigger a service failure.
The vulnerability of the SCADA system MasterSCADA 4D is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Microsoft Outlook email client, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft Outlook email client is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Outside In Core component within Oracle’s software development kit (SDK) allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Outside In Core component in Oracle’s software development kit SDK exists due to insufficient testing of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and accessibility of protected information...
ROS-20240718-03
Vulnerability of the go-jose package, an implementation of the JWE, JWS and JWT standards for the Go programming language, is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240712-02
A vulnerability in the ParseAddressList function of the net/mail package of the Go programming language is related to insufficient verification of display names in the function. Exploitation of the vulnerability could allow an attacker acting remotel...
A vulnerability in the implementation of the Secure Boot protocol for Windows operating systems allows attackers to circumvent existing security restrictions.
The vulnerability of the Secure Boot protocol for operating systems running Windows is related to errors in processing input data length parameters. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
CVE-2024-40518
Affected software/components: SeaCMS 12.9; vulnerable file: admin_weixin.php which writes user input directly into weixin.php without processing. Root cause / vulnerability type: Direct splicing/writing of unprocessed user input leading to remote code execution. Impact: Authenticated attackers ca...