1477 matches found
ROS-20231115-04
Visual Studio Code source code editor vulnerability related to improper control of code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code. Visual Studio Code source code editor vulnerability is related to insufficient protection of...
ROS-20231115-01
A vulnerability in the Squid proxy server related to the execution of a "buffer overflow" attack, writing up to 2MB of arbitrary data to the memory heap when Squid is configured to accept HTTP Digest Authentication. Exploitation of the vulnerability could allow an attacker acting remotely to...
The vulnerability of Zoom’s video conferencing software lies in its ability to copy input data into memory without checking its size. This allows attackers to trigger a service failure.
The vulnerability of Zoom video conferencing software relates to the copying of input data into buffers without checking their size. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
PT-2023-6955 · Crushftp · Crushftp
Name of the Vulnerable Software and Affected Versions: CrushFTP versions prior to 10.5.1 Description: The issue is related to errors in handling input data in the Object Attribute Handler component of the CrushFTP cross-platform FTP server. Exploitation of this issue may allow a remote attacker t...
The vulnerability of the devn_pcx_write_rle() function in the base/gdevdevn.c component of the Ghostscript document processing software allows a hacker to cause a service failure.
The vulnerability of the devn_pcx_write_rle function in the base/gdevdevn.c file of the Ghostscript document processing software is related to the copying of buffers without checking the input data. Exploiting this vulnerability could allow an attacker to cause a service failure using a specially...
The software vulnerability of Dell Alienware Command Center, due to insufficient input data validation, allows a perpetrator to escalate their privileges.
The vulnerability of Dell Alienware Command Center relates to insufficient validation of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...
ROS-20231109-01
Go programming language vulnerability is related to insecure external control of critical state data when processing the setuid and setgid attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges and gain access to read, modify, or...
PT-2023-15061 · Unknown · Gopi Ramasamy Email
Name of the Vulnerable Software and Affected Versions: Gopi Ramasamy Email posts to subscribers versions n/a through 6.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
CVE-2023-47104
tinyfiledialogs aka tiny file dialogs before 3.15.0 allows shell metacharacters such as a backquote or a dollar sign in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters...
CVE-2020-36767
tinyfiledialogs aka tiny file dialogs before 3.8.0 allows shell metacharacters in titles, messages, and other input data...
Design/Logic Flaw
tinyfiledialogs aka tiny file dialogs before 3.15.0 allows shell metacharacters such as a backquote or a dollar sign in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters...
Input validation
tinyfiledialogs aka tiny file dialogs before 3.8.0 allows shell metacharacters in titles, messages, and other input data...
PT-2023-11904 · Unknown · Tinyfiledialogs
Name of the Vulnerable Software and Affected Versions: tinyfiledialogs versions prior to 3.8.0 Description: The issue allows shell metacharacters in titles, messages, and other input data. Recommendations: For versions prior to 3.8.0, update to version 3.8.0 or later to resolve the issue...
PT-2023-30311 · Unknown · Tinyfiledialogs
Name of the Vulnerable Software and Affected Versions: tinyfiledialogs versions prior to 3.15.0 Description: The issue allows shell metacharacters, such as a backquote or a dollar sign, in titles, messages, and other input data. This problem exists due to an incomplete fix for a previous issue,...
The vulnerability of the Oracle Database Recovery Manager component of the Oracle Database Server database management system allows a perpetrator to trigger a service failure.
The vulnerability of the Oracle Database Recovery Manager component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions...
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to errors in processing input data, allows a perpetrator to cause service interruptions.
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...