EasyFTP Security Vulnerability

EasyFTP is an easy-to-use FTP service. A security vulnerability exists in EasyFTP version 1.7.0.2, which originates from an unknown function in the component MKD Command Handler that can easily lead to a buffer overflow...

PT-2024-10548 · Easyftp · Easyftp

Name of the Vulnerable Software and Affected Versions: EasyFTP version 1.7.0.2 Description: A critical issue was found in the MKD Command Handler component, which can be exploited remotely. The manipulation leads to a buffer overflow. Recommendations: For EasyFTP version 1.7.0.2, at the moment,...

sqlite: heap-buffer-overflow at sessionfuzz

A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur...

CentOS 8 : sqlite (CESA-2024:0253)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0253 advisory. - A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file...

make-up-design.com Cross Site Scripting vulnerability OBB-3834544

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-49471

Blind Server-Side Request Forgery SSRF vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make, which could allow authenticated remote attackers to execute arbitrary code...

CVE-2023-49471

Blind Server-Side Request Forgery SSRF vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make, which could allow authenticated remote attackers to execute arbitrary code...

PT-2024-13739 · Unknown · Karlomikus Bar Assistant

Name of the Vulnerable Software and Affected Versions: karlomikus Bar Assistant versions prior to 3.2.0 Description: The issue is related to a Blind Server-Side Request Forgery SSRF vulnerability. It does not validate a parameter before making a request through Image::make, which could allow...

Bar Assistant Security Breach

Bar Assistant is a self-hosted application for managing home bars. A security vulnerability exists in Bar Assistant that stems from not validating parameters before making a request via Image::make, which could lead to arbitrary code execution...

CVE-2023-49471

Blind Server-Side Request Forgery SSRF vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make, which could allow authenticated remote attackers to execute arbitrary code...

DEBIAN-CVE-2022-3328

Race condition in snap-confine's mustmkdirandopenwithperms...

CVE-2023-7104

A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur. Mitigation Mitigation for this issue is either not available or...

CVE-2023-7104

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a...

UBUNTU-CVE-2023-51713

makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

Medium: virtuoso-opensource

Issue Overview: An issue in the libcmalloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements. CVE-2023-31607 An issue in the dfeunitcolloci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Deni...

CLSA-2023-1699380175 Fix CVE(s): CVE-2022-47011, CVE-2022-47007, CVE-2022-47010, CVE-2022-47008

SECURITY UPDATE: memory leak in stabdemanglev3arg - debian/patches/CVE-2022-47007.patch: free dt on failure path - CVE-2022-47007 SECURITY UPDATE: memory leak in maketempdir - debian/patches/CVE-2022-47008.patch: free template on all failure paths - CVE-2022-47008 SECURITY UPDATE: memory leak in...

kernel: tcp: tcp_make_synack() can be called from process context

In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...

PT-2025-18885 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue arises when tcp make synack is called from process context, potentially leading to the use of this cpu add in preemptib...

OpenJDK: segmentation fault in ciMethodBlocks

A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::makeblockat function in OpenJDK HotSpot VM 8 11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively, and may allow an attacker to cause a denial of service...

OpenJDK: segmentation fault in ciMethodBlocks

A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::makeblockat function in OpenJDK HotSpot VM 8 11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively, and may allow an attacker to cause a denial of service...