
31 matches found

CVE
added 2025/03/24 12:0 a.m., 58 views

CVE-2025-29315

The CVE describes a Shiro-based RBAC flaw in OpenDaylight SFC Sodium-SR4 and earlier, enabling privilege escalation via a crafted request. Affected component: OpenDaylight SFC (SFC Sodium-SR4 and below); root cause: flaws in Shiro RBAC enforcement allowing privileged operations. Impact (as per CV...

CVSS 9.8, AI score 7.2, EPSS 0.00215
Exploits: 0, References: 1
Cvelist
added 2024/02/26 4:50 p.m., 30 views

CVE-2024-27088 es5-ext Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63...

AI score 4, EPSS 0.02005
Exploits: 1, References: 4
OSV
added 2024/01/20 2:15 a.m., 3 views

CVE-2023-47024

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

CVSS 8.8, AI score 5.8, EPSS 0.00167
Exploits: 0, References: 2
Prion
added 2023/04/26 8:15 p.m., 19 views

Design/Logic Flaw

Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function...

CVSS 4.3, AI score 7.6, EPSS 0.00157
Exploits: 1, References: 1, Affected Software: 1
ATTACKERKB
added 2022/05/02 10:0 a.m., 3 views

CVE-2022-1300

Multiple versions of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service...

CVSS 9.8, AI score 7.7, EPSS 0.00571
Exploits: 0, References: 2, Affected Software: 2
Kitploit
added 2021/10/03 11:30 a.m., 35 views

efiXplorer - IDA Plugin For UEFI Firmware Analysis And Reverse Engineering Automation

efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation. Supported versions of Hex-Rays products: every time we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions o...

AI score 7.6
Exploits: 0, References: 12
BDU FSTEC
added 2021/08/12 12:0 a.m., 1 views

The vulnerability of the rtas_args.nargs function in the arch/powerpc/kvm/book3s_rtas.c driver of the Linux operating system allows an attacker to trigger memory corruption on the host operating system.

The vulnerability of the rtas_args.nargs function in the arch/powerpc/kvm/book3s_rtas.c driver of the Linux operating system is related to the possibility of writing outside the specified field. Exploiting this vulnerability could allow an attacker to cause damage to the host’s operating system’s...

CVSS 7.8, AI score 6.6, EPSS 0.00017
Exploits: 1, References: 32, Affected Software: 5
Prion
added 2018/07/16 5:29 p.m., 24 views

Input validation

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim proces...

CVSS 5, AI score 8.1, EPSS 0.01257
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2018/02/12 12:0 a.m., 32 views

Debian DSA-4111-1 : libreoffice - security update

Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document. (C) Tenable Network Security, Inc. The...

CVSS 9.8, AI score 6.8, EPSS 0.46181
Exploits: 5, References: 4
RedhatCVE
added 2017/08/24 1:21 p.m., 26 views

CVE-2017-12566

In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c...

CVSS 6.5, AI score 5, EPSS 0.00449
Exploits: 0, References: 1
Cvelist
added 2011/02/18 11:0 p.m., 23 views

CVE-2011-0431

The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third par...

AI score 6, EPSS 0.00656
Exploits: 0, References: 7