24 matches found

UbuntuCve
added 2025/01/09 1:15 a.m. | 28 views

CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

CVSS 6.3 | AI score 6.5 | EPSS 0.00207
Exploits: 0 | References: 3

UbuntuCve
added 2023/08/22 7:16 p.m. | 35 views

CVE-2022-47007

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks...

CVSS 5.5 | AI score 6.8 | EPSS 0.00009
Exploits: 1 | References: 3

UbuntuCve
added 2023/08/22 7:16 p.m. | 28 views

CVE-2022-47011

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks...

CVSS 5.5 | AI score 6.8 | EPSS 0.00009
Exploits: 1 | References: 3

UbuntuCve
added 2023/08/22 7:16 p.m. | 38 views

CVE-2022-45703

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c...

CVSS 7.8 | AI score 6.5 | EPSS 0.00024
Exploits: 1 | References: 3

UbuntuCve
added 2023/08/22 7:16 p.m. | 38 views

CVE-2022-44840

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c...

CVSS 7.8 | AI score 6.5 | EPSS 0.00024
Exploits: 1 | References: 3

UbuntuCve
added 2023/08/22 7:16 p.m. | 23 views

CVE-2022-47010

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks...

CVSS 5.5 | AI score 6.8 | EPSS 0.00014
Exploits: 1 | References: 3

Ubuntu
added 2023/07/05 3:23 p.m. | 37 views

USN-6204-1: CPDB vulnerability

Seth Arnold discovered that CPDB incorrectly handled certain characters. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 9.8 | AI score 8.2 | EPSS 0.0042
Exploits: 1

UbuntuCve
added 2023/02/15 12:0 a.m. | 31 views

CVE-2023-25587

binutils: NULL pointer segmentation fault when accessing field the_bfd in function compare_symbols

Notes (author: note): seth-arnold: binutils isn't safe for untrusted inputs...

AI score 3.1
Exploits: 0 | References: 5

UbuntuCve
added 2022/09/01 9:15 p.m. | 25 views

CVE-2022-38126

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 5.8
Exploits: 0 | References: 1

UbuntuCve
added 2021/10/01 4:15 p.m. | 14 views

CVE-2021-40926

Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...

CVSS 6.1 | AI score 6.5 | EPSS 0.00284
Exploits: 1 | References: 4

UbuntuCve
added 2019/12/04 10:15 p.m. | 22 views

CVE-2013-2745

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0...

CVSS 9.8 | AI score 7.3 | EPSS 0.00387
Exploits: 0 | References: 2

UbuntuCve
added 2019/03/27 2:29 p.m. | 31 views

CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

CVSS 7.8 | AI score 6.8 | EPSS 0.12118
Exploits: 3 | References: 2

UbuntuCve
added 2018/03/18 6:29 a.m. | 16 views

CVE-2018-8769

elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported...

CVSS 7.8 | AI score 7.2 | EPSS 0.00168
Exploits: 1 | References: 4

UbuntuCve
added 2017/10/18 2:29 p.m. | 32 views

CVE-2011-5320

scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s...

CVSS 6.2 | AI score 6.8 | EPSS 0.0006
Exploits: 1 | References: 2

UbuntuCve
added 2017/06/08 9:29 p.m. | 16 views

CVE-2015-1786

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers...

CVSS 8.8 | AI score 7.2 | EPSS 0.00367
Exploits: 0 | References: 2

UbuntuCve
added 2017/05/16 12:0 a.m. | 19 views

CVE-2017-6886

An error within the "parse_tiff_ifd" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory...

CVSS 9.8 | AI score 6.9 | EPSS 0.01569
Exploits: 0 | References: 4

UbuntuCve
added 2017/03/20 4:59 p.m. | 28 views

CVE-2017-5618

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...

CVSS 7.8 | AI score 7.2 | EPSS 0.02292
Exploits: 6 | References: 4

UbuntuCve
added 2017/03/11 2:59 a.m. | 71 views

CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

CVSS 10 | AI score 7.4 | EPSS 0.94267
Exploits: 44 | References: 3

UbuntuCve
added 2016/07/22 12:0 a.m. | 32 views

CVE-2016-5399

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive...

CVSS 7.8 | AI score 7.5 | EPSS 0.13858
Exploits: 5 | References: 3

UbuntuCve
added 2016/02/22 5:59 a.m. | 16 views

CVE-2015-5332

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature...

CVSS 7.1 | AI score 6.9 | EPSS 0.00568
Exploits: 0 | References: 2