1085 matches found
K000148897: Sudo vulnerability CVE-2019-19232
Security Advisory Description: In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because...
rexml: REXML ReDoS vulnerability
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
WordPress Wallet for WooCommerce plugin <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types vulnerability
Authenticated (Subscriber+) Incorrect Conversion between Numeric Types vulnerability discovered by stealthcopter in WordPress Plugin TeraWallet – For WooCommerce (versions <= 1.5.6)...
CVE-2024-7747
The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with...
CVE-2024-7747 Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types
The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with...
CVE-2024-7747
CVE-2024-7747 affects Wallet for WooCommerce (WordPress). The vulnerability is an incorrect conversion between numeric types in all versions up to and including 1.5.6, caused by a numerical logic flaw during transfers. When exploited by an authenticated user with Subscriber+ privileges, an attack...
WordPress plugin Wallet for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
GHSA-PCX7-8HXG-J823 Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack...
7-Zip numeric error vulnerability
7-Zip is open-source compression software. A numeric error vulnerability exists in 7-Zip that stems from improper validation of user-supplied data during the Zstandard decompression process, which could result in an integer overflow and execution of arbitrary code before writing ...
The vulnerability of the LPIT component in the Linux operating system’s kernel allows a hacker to execute arbitrary code.
The vulnerability of the LPIT component in the Linux operating system’s kernel is related to a numerical overflow in the lpit_update_residency function. Exploiting this vulnerability allows an attacker to execute arbitrary code...
Adobe Photoshop Numeric Error Vulnerability (CNVD-2025-24445)
Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from a numeric error vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current...
The vulnerability of the Kerberos Key Distribution Center (KDC) Proxy Protocol implementation in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Kerberos Key Distribution Center (KDC) Proxy Protocol implementation in Windows operating systems is related to numerical truncation errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Adobe Photoshop numeric error vulnerability
Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from a numeric error vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current...
VulnCheck KEV: CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a...
CVE-2024-49761
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51894 CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...