
3241 matches found

SUSE CVE
added 2024/01/04 2:33 a.m. · 1 views

SUSE CVE-2023-49557

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component...

5.5 CVSS · 6.9 AI score · 0.00432 EPSS
Exploits 1 · References 3

OSV
added 2024/01/03 12:15 a.m. · 4 views

AZL-33354 CVE-2023-49557 affecting package yasm 1.3.0-17

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component...

5.5 CVSS · 5.8 AI score · 0.00432 EPSS
Exploits 1 · References 1

OSV
added 2024/01/03 12:15 a.m. · 4 views

AZL-35394 CVE-2023-49557 affecting package yasm 1.3.0-17

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component...

5.5 CVSS · 5.8 AI score · 0.00432 EPSS
Exploits 1 · References 1

OSV
added 2024/01/03 12:15 a.m. · 4 views

UBUNTU-CVE-2023-49557

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component...

5.5 CVSS · 5.8 AI score · 0.00432 EPSS
Exploits 1 · References 2

CNNVD
added 2024/01/02 12:00 a.m. · 4 views

YASM Security Vulnerabilities

yasm is an open-source, completely rewritten Netwide assembler. A security vulnerability exists in YASM version 1.3.0.86.g9def, which originates from allowing an attacker to cause a denial of service (DoS) via the yasm_section_bcs_first function in the libyasm/section.c component...

5.5 CVSS · 6.6 AI score · 0.00432 EPSS
Exploits 1 · References 2

CNNVD
added 2024/01/02 12:00 a.m. · 3 views

libredwg Security Vulnerabilities

libredwg is a free implementation of the DWG file format. A security vulnerability exists in libredwg versions prior to 0.12.5.6384, which stems from an out-of-bounds read problem in section->num_pages in decode_r2007.c. The vulnerability is caused by a read-over-bounds problem in section->num_pages...

7.5 CVSS · 6.7 AI score · 0.0054 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/01/02 12:00 a.m. · 4 views

PT-2024-2671 · Yasm +2 · Yasm +2

Name of the Vulnerable Software and Affected Versions: YASM version 1.3.0.86.g9def. Description: The issue is related to the yasm_section_bcs_first function in the libyasm/section.c component, which allows a remote attacker to cause a denial of service due to uncontrolled resource consumption. Thi...

5.5 CVSS · 4.9 AI score · 0.00432 EPSS
Exploits 4 · References 18

Positive Technologies
added 2024/01/01 12:00 a.m. · 4 views

PT-2024-12088 · Libredwg +1 · Libredwg +1

Name of the Vulnerable Software and Affected Versions: libredwg versions prior to 0.12.5.6384. Description: The issue is related to a Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in the decode_r2007.c file. This can cause the software to become unresponsive or...

7.5 CVSS · 6.7 AI score · 0.0054 EPSS
Exploits 1 · References 17

Veracode
added 2023/12/23 10:40 p.m. · 23 views

Email Spoofing

Thunderbird is vulnerable to Email Spoofing. The vulnerability is caused because when processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user as the text was interpreted as a MIME message and the first paragraph was always...

4.3 CVSS · 6.4 AI score · 0.00633 EPSS
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2023/12/22 3:31 a.m. · 24 views

CVE-2023-7057 code-projects Faculty Management System yearlevel.php cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The...

4 CVSS · 6.2 AI score · 0.00512 EPSS
Exploits 1 · References 3

OpenVAS
added 2023/12/20 12:00 a.m. · 14 views

phpMyFAQ < 3.1.17 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities.

5.4 CVSS · 6.3 AI score · 0.00464 EPSS
Exploits 2 · References 2

OSV
added 2023/12/16 12:40 a.m. · 14 views

GHSA-QJ86-P74R-7WP5 Remote code execution/programming rights with configuration section from any user account

Impact Anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki...

9.9 CVSS · 9.2 AI score · 0.01188 EPSS
Exploits 0 · References 10

Vulnrichment
added 2023/12/15 7:02 p.m. · 9 views

CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...

9.9 CVSS · 9.6 AI score · 0.01188 EPSS
Exploits 0 · References 8

Cvelist
added 2023/12/15 7:02 p.m. · 17 views

CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...

9.9 CVSS · 9.8 AI score · 0.01188 EPSS
Exploits 0 · References 8

Cvelist
added 2023/12/15 7:02 p.m. · 27 views

CVE-2023-50722 XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter...

9.6 CVSS · 9.5 AI score · 0.00657 EPSS
Exploits 0 · References 3

CNNVD
added 2023/12/15 12:00 a.m. · 4 views

XWiki Platform Cross-Site Scripting Vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform that stems from a reflected cross-site scripting vulnerability or a remote code execution vulnerability in the code used to display the...

9.6 CVSS · 7.3 AI score · 0.00657 EPSS
Exploits 0 · References 4

RedHat Linux
added 2023/12/14 3:54 p.m. · 30 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.4 release and security update

Red Hat Integration Camel for Spring Boot 3.20.4 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.5 CVSS · 6.6 AI score · 0.01449 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/12/14 12:00 a.m. · 4 views

PT-2023-35638 · Git +1 · Binutils

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the loongarch_split_args_by_comma, print_insn_loongarch, and disassemble sectio...

6.9 AI score
Exploits 0 · References 2

RedHat Linux
added 2023/12/13 4:36 p.m. · 40 views

Important: Red Hat Security Advisory: postgresql:10 security update

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS · 7.2 AI score · 0.04322 EPSS
Exploits 0 · References 2

CNNVD
added 2023/12/13 12:00 a.m. · 2 views

Inventory Management System Cross-Site Scripting Vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A cross-site scripting vulnerability exists in CodeAstro POS and Inventory Management System version 1.0, which stems from an unknown section in /item/itemcon, leading to cross-site scripting via the...

6.1 CVSS · 6.2 AI score · 0.00577 EPSS
Exploits 1 · References 4