CVE-2016-20045

CVE-2016-20045 affects HNB Organizer 1.9.18-10 and describes a local buffer overflow via the -rc command-line parameter. The vulnerability allows a local attacker to execute arbitrary code by supplying an input string exceeding about 108 bytes containing shellcode and a return address to overwrit...

CVE-2016-20041 Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter

Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to...

MLflow 代码注入漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible executions, and sharing and deploying models. Prior to MLv3.7.0, there was a code injection vulnerability. This vulnerability stemmed from...

EUVD-2023-60269

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...

CVE-2023-54057

CVE-2023-54057 : Linux kernel vulnerability in iommu/amd where the acpiid buffer may overflow due to an unbounded sscanf() format string in parse_ivrs_acpihid. Root cause: lack of width limitation on the IVRS ACPIHID parameter, enabling potential overflow. Connected advisories describe kernel pat...

EUVD-2000-0963

Malware in sbrugna...

EUVD-2005-0306

Malware in sbrugna...

EUVD-2000-0974

Malware in sbrugna...

EUVD-2002-1115

Malware in sbrugna...

EUVD-2017-8487

Malware in sbrugna...

EUVD-2018-8542

Malware in sbrugna...

EUVD-2004-1675

Malware in sbrugna...

EUVD-2022-2775

Malicious code in bioql PyPI...

DEBIAN-CVE-2023-45359

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...

UBUNTU-CVE-2023-45359

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...

ROS-20240902-07

A vulnerability in the cpio binary archiver is related to regression when using the command line parameter --no-absolute-filenames. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...

CVE-2024-39314 toy-blog administrative token leaked through the command line parameter

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

CVE-2024-39314

The CVE-2024-39314 issue affects toy-blog versions 0.4.3 to before 0.5.0, where the administrative password was leaked via a command line parameter (root cause: command line exposure). A fix is available in version 0.5.0. As a workaround, versions 0.4.14 and later can pass the bearer token via st...

InstallEmbeddedBrowser=N param is not honored by CWA 2403

The installation process for Citrix Workspace App for Windows 2403 is unable to honor command line parameters correctly, causing Citrix Enterprise Browser CEB to be installed even when the switch “InstallEmbeddedBrowser” is set to “N” Example : CitrixWorkspaceApp.exe /silent InstallEmbeddedBrowse...

kernel: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter

A stack buffer overflow vulnerability was found in the Linux kernel's AMD IOMMU driver. The parseivrsacpihid function uses sscanf to parse the ivrsacpihid kernel command-line parameter without specifying a field width limit. An overly long ACPI HID string can overflow the fixed-size acpiid buffer...