11644 matches found
hsqldb: Untrusted input may lead to RCE attack
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...
CVE-2024-52787
Vulnerability summary: Libre-chat v0.0.6 is affected by a path traversal flaw in the upload_documents method. By supplying a crafted filename in an uploaded file, an attacker can traverse the filesystem. This is corroborated by multiple sources (Red Hat CVE entry, GHSA advisory, Veracode summary,...
DEBIAN-CVE-2024-53901
The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim method is called on a crafted input image...
UBUNTU-CVE-2024-53901
The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim method is called on a crafted input image...
PT-2024-35971 · Imager +1 · Imager +1
Name of the Vulnerable Software and Affected Versions: Imager package versions prior to 1.025 Description: The issue is a heap-based buffer overflow that can lead to denial of service or possibly other unspecified impacts when the trim method is called on a crafted input image. Recommendations: F...
Mozilla: Denial of Access to Static Resources via Cache Poisoning on addons.allizom.org
A cache poisoning vulnerability was identified on addons.allizom.org that allowed an attacker to block access to static resources such as images and JavaScript files. The issue was exploited by processing the X-HTTP-Method-Override header, which was honored by the origin server and treated the...
CVE-2023-52333
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...
CVE-2024-30372 Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-51645
CVE-2023-51645 affects Allegra via unzipFile directory traversal that enables remote code execution. Root cause: improper validation of user-supplied paths used in file operations. Impact: code execution in the LOCAL SERVICE context. Authentication is required to exploit, but bypass is possible p...
Unauthorized Method Execution
twig/twig is vulnerable to unauthorized method execution. The vulnerability is due to improper enforcement of security policies in Twig's sandbox environment, which allows the toString method to be called on objects when they are part of arrays or argument lists, even if the method is disallowed ...
CVE-2024-51365
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
PT-2024-34609 · Visicut · Visicut
Name of the Vulnerable Software and Affected Versions: VisiCut version 2.1 Description: The issue allows attackers to execute arbitrary code via uploading a crafted Zip file, exploiting an arbitrary file upload vulnerability in the importSettings method. Recommendations: For VisiCut version 2.1,...
Adobe Acrobat < 10.1.16 / 11.0.13 / 2015.006.30094 / 2015.009.20069 Multiple Vulnerabilities (APSB15-24) (macOS)
The version of Adobe Acrobat installed on the remote macOS host is a version prior to 10.1.16, 11.0.13, 2015.006.30094, or 2015.009.20069. It is, therefore, affected by multiple vulnerabilities. - The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before...
CVE-2024-52677
HkCms = v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php...
CVE-2024-11494
UNSUPPORTED WHEN ASSIGNED The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method...
CVE-2024-11494
UNSUPPORTED WHEN ASSIGNED The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method...
CVE-2024-11494
UNSUPPORTED WHEN ASSIGNED The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method...
CVE-2024-11494
CVE-2024-11494 affects Zyxel P-6101C ADSL modem, specifically firmware version P-6101CSA6AP_20140331. The vulnerability is described as improper authentication that could allow an unauthenticated attacker to read certain device information via a crafted HTTP HEAD request. The CVSS 3.1 vector is N...
Microsoft SharePoint Server FindSpecific Unsafe Reflection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the FindSpecific method. The process does not properly...
CVE-2024-52677
HkCms = v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php...