PT-2023-21344 · Jpegoptim +1 · Jpegoptim +1
Name of the Vulnerable Software and Affected Versions: jpegoptim version 1.5.2 Description: A heap overflow can occur with crafted JPEG image files, specifically in the optimize function at jpegoptim.c. This issue is related to the processing of JPEG images. Recommendations: For jpegoptim version...
ALPINE-CVE-2023-27585
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to...
PT-2023-21230 · Rizin · Rizin
Name of the Vulnerable Software and Affected Versions: Rizin versions 0.5.1 and prior Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. Converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when th...
CVE-2022-37939
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and...
Easy!Appointments uses hard-coded credentials
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments 1.4.3 and prior. A patch is available and anticipated to be part of version 1.5.0...
PT-2023-1907 · Unknown · Mxsecurity
Name of the Vulnerable Software and Affected Versions: MXsecurity version 1.0 Description: The issue is related to a command injection vulnerability in the SSH CLI program of MXsecurity. This vulnerability can be exploited by attackers who have gained authorization privileges, allowing them to...
PT-2023-16810 · Wisecleaner · Wise Folder Hider +1
Name of the Vulnerable Software and Affected Versions: WiseCleaner Wise Folder Hider version 4.4.3.202 Description: A vulnerability was found in the WiseCleaner Wise Folder Hider software, affecting the function in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation...
PT-2023-20493 · Dot-Lens · Dot-Lens
Name of the Vulnerable Software and Affected Versions: dot-lens versions all Description: The issue concerns Prototype Pollution via the set function in the index.js file. This affects all versions of the dot-lens package. There is no information provided about the estimated number of potentially...
Cockpit Uses Platform-Dependent Third Party Components
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit 2.3.9 and prior. A patch is available and anticipated to be part of version 2.4.0...
CVE-2023-26470 In XWiki Platform, saving a document with a large object number leads to persistent OOM errors
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number, e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...
CVE-2023-26471 XWiki Platform users may execute anything with superadmin right through comments and async macro
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with...
CVE-2023-26478 org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function
XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programming right...
CVE-2022-36280 affecting package kernel 5.10.167.1-1
CVE-2022-36280 affecting package kernel 5.10.167.1-1. A patched version of the package is available...
CVE-2022-42329 affecting package kernel 5.10.167.1-1
CVE-2022-42329 affecting package kernel 5.10.167.1-1. A patched version of the package is available...
PT-2023-12423 · Unknown · Serenityos
Name of the Vulnerable Software and Affected Versions: SerenityOS affected versions not specified Description: A critical issue has been found in SerenityOS, affecting the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. This issue...
PT-2023-19418 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en Description: A stack overflow issue was discovered via the wepkey1 parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For version V15.03.06.33 en, consider disabli...
PT-2023-21056 · Git +1 · Opencats
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious...
PT-2023-16739 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.3 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which allows attackers to inject malicious scripts into the website. A patch is available and is anticipated to be part of...
CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-4
CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-4. A patched version of the package is available...
PT-2023-3640 · Sage · Sage X3
Name of the Vulnerable Software and Affected Versions: Sage X3 version 12.14.0.50-0 Description: The issue is related to Cross-Site Scripting (XSS) in the Sage X3 Web application. Some parts of the application are dynamically built using user inputs, but these inputs are not verified or filtered,...