222 matches found
PT-2023-26946 · Ashlar Vellum · Ashlar-Vellum Cobalt +4
Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share version 12 SP0 Build 1204.77 Description: The affected applications lack proper validation of user-supplied data when parsing XE files, which could lead to an out-of-bounds write. ...
Cannot decompress firmware package with error "invalid compressed data--format violated"
Running command "tar -xvzf build-xx-xxnc64.tgz" in NetScaler shell to decompress firmware package, but it fails with error "invalid compressed data--format violated"...
Information disclosure
Transient DOS in Modem while processing invalid System Information Block 1...
CVE-2023-21650
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...
Memory corruption
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...
CVE-2023-21650 Improper Validation of Array Index in GPS HLOS Driver
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...
Qualcomm Chip Buffer Error Vulnerability
A Qualcomm chip is a chip from Qualcomm Incorporated (USA). A chip is a way to miniaturize circuits (mainly semiconductor devices, but also passive components) and is often manufactured on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip that stems from memory...
PT-2023-18313 · Unknown · Gps Hlos Driver
Name of the Vulnerable Software and Affected Versions: GPS HLOS Driver affected versions not specified Description: The issue is related to memory corruption in the GPS HLOS Driver. Specifically, when the injectFdclData function receives data with an invalid data length, it can cause memory...
CVE-2023-37558
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions 14.6-rc-1 through 14.10.4, which stems from an HTML element cleaner that accepts invalid data attributes, allowin...
CVE-2023-26285
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...
Code injection
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...
CVE-2023-26285 IBM MQ denial of service
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...
Advisory ROSA-SA-2023-2136
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...
LibTIFF Buffer Error Vulnerability
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. LibTIFF version 4.4.0 contains an out-of-bounds read vulnerability, which stems from the lack of proper validation of user-supplied data and is exploited by attackers to cause a denial of service via specially craft...