1378 matches found
CVE-2024-26326
OwnCloud
CVE-2023-44472
CVE-2023-44472: Unyson WordPress plugin (<= 2.7.28) contains a Missing Authorization/Broken Access Control vulnerability. Root cause is missing authorization checks; impact is limited by documented scope (Unyson
CVE-2023-44446
CVE-2023-44446 affects GStreamer’s MXF demuxer (gstreamer1-plugins-bad-free, among others). The vulnerability is a use-after-free during MXF file parsing caused by not validating an object’s existence before operating on it. This can allow an attacker to execute code in the context of the affecte...
CVE-2023-44444
CVE-2023-44444 affects GIMP (PSP parsing). Craft data in PSP files can trigger an off-by-one when writing into a heap-based buffer, enabling remote code execution in the process context. Exploitation requires user interaction (visiting/opening a malicious file). The issue is confirmed by ZDI-Can-...
CVE-2023-44443
CVE-2023-44443 describes a Remote Code Execution in GIMP via PSP file parsing. The root cause is lack of validation of PSP data, causing an integer overflow during memory write. Impact is high: attacker-controlled code executed with the current process, with UI interaction required (user must ope...
CVE-2023-44442
CVE-2023-44442 : GIMP PSD parsing heap-based buffer overflow leading to remote code execution. The flaw arises from insufficient validation of the length of user-supplied data during PSD file parsing, copying to a heap buffer. Exploitation requires user interaction (visiting a malicious page or o...
CVE-2023-44441
CVE-2023-44441 describes a heap-based buffer overflow in GIMP’s DDS file parsing, enabling remote code execution. The issue arises from insufficient validation of the length of user-supplied data before copying to a heap buffer and requires user interaction (visiting a malicious page or opening a...
CVE-2023-42117
CVE-2023-42117 affects Exim (smtp service). Root cause: Improper neutralization/validation of user-supplied data leading to a memory corruption and remote code execution, with no authentication required. Impact: remote code execution in Exim processes, on affected installations. Affected componen...
CVE-2023-42116
Exim SMTP vulnerability CVE-2023-42116 is a stack-based buffer overflow in handling NTLM challenge data, allowing unauthenticated remote code execution. Affected software: Exim (MTA). Root cause: insufficient validation of user-supplied data length prior to copying into a fixed-length stack buffe...
CVE-2023-42115
Exim’s SMTP service (port 25) is affected by CVE-2023-42115: an AUTH-less out-of-bounds write that enables remote code execution via improper validation of user-supplied data, allowing code execution under the service account. The vulnerability details and impact are stated in multiple sources (E...
CVE-2023-40476
CVE-2023-40476 affects GStreamer and its gst-plugins-bad1.0, with a stack-based buffer overflow in the H.265 video parser due to insufficient validation of user data length. This can allow a remote attacker to execute code in the context of the affected process. Exploitation details are not fully...
CVE-2023-40475
CVE-2023-40475 affects the MXF file parsing in GStreamer plugins-bad. The flaw is an integer overflow when handling MXF data, enabling remote code execution within the process if a crafted MXF file is processed. Exploitation is interaction-dependent and depends on the specific plugin/implementati...
CVE-2023-40474
CVE-2023-40474 is a GStreamer MXF parsing vulnerability caused by an integer overflow when processing MXF files, leading to remote code execution in vulnerable GStreamer deployments. The issue stems from insufficient validation of user-supplied data, which allows the overflow to occur during buff...
CVE-2023-38104
CVE-2023-38104 affects GStreamer realmedia parsing: the MDPR chunk parsing path allows an integer overflow when allocating buffers, enabling remote code execution in the context of the affected process. The vulnerability is network-remote with no user authentication required and requires user int...
CVE-2023-38089
CVE-2023-38089 concerns Kofax Power PDF with an Out-of-Bounds Write in the handling of app objects. The flaw arises from insufficient validation of user-supplied data, causing a write past the end of an allocated buffer and enabling Remote Code Execution in the context of the current process. Exp...
CVE-2023-37329
CVE-2023-37329 concerns a heap-based buffer overflow in GStreamer’s SRT subtitle file parsing. The flaw stems from insufficient validation of the length of user-supplied data before copying to a heap buffer, enabling remote code execution in the affected process. This is tied to ZDI-CAN-20968. Co...
CVE-2023-37328
GStreamer PGS subtitle parsing flaw (CVE-2023-37328) causes a heap-based buffer overflow that can enable remote code execution. It affects gstreamer1-plugins-base and related GStreamer components; the issue arises from inadequate validation of user-supplied data length during PGS subtitle parsing...
CVE-2023-37327
Consolidated: CVE-2023-37327 targets GStreamer, specifically the FLAC file parsing path. The flaw is an integer overflow while handling FLAC data, leading to a heap overwrite and remote code execution. The issue affects gstreamer1-plugins-good (and related GStreamer components) and has had vendor...
CVE-2024-2467
CVE-2024-2467 is a timing-based side-channel vulnerability in the perl-Crypt-OpenSSL-RSA package affecting legacy PKCS#1 v1.5 padding. The issue can enable plaintext recovery over a network under a Bleichenbacher-style attack if an attacker can send many trial messages. Publicly documented fixes ...
CVE-2024-1657
CVE-2024-1657 : A flaw in Red Hat Ansible Automation Platform involves an insecure WebSocket used when interacting with the EDA server during installation from the Ansible rulebook. An attacker with access to any machine in the CIDR block could download all rulebook data, impacting confidentialit...