243 matches found
CVE-2023-36192
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capturewscheckpacket at /src/capture.c...
fdkaac 缓冲区错误漏洞
fdkaac is a command-line front-end for the libfdk-aac encoder by the Japanese individual developer nu774. A security vulnerability exists in versions of fdkaac prior to 1.0.5, which stems from the discovery of a stack overflow vulnerability via the readcallback function in src/main.c. The...
CVE-2020-23260
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file...
UBUNTU-CVE-2022-48337
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...
GNU Emacs 操作系统命令注入漏洞
GNU Emacs is a family of text editors in the American GNU community. An operating system command injection vulnerability exists in GNU Emacs version 28.2 and earlier. An attacker can exploit this vulnerability to execute commands via shell metacharacters in the name of a source code file...
CVE-2022-48337
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...
SUSE CVE-2012-0804
Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP response...
SUSE CVE-2012-3456
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted ODF style in an ODF...
SUSE CVE-2017-11109
Vim 8.0 allows attackers to cause a denial of service invalid free or possibly have unspecified other impact via a crafted source aka -S file. NOTE: there might be a limited number of scenarios in which this has security relevance...
The vulnerability in the src/normal.c component of the text editor Vim allows a hacker to execute arbitrary code.
The vulnerability in the src/normal.c component of the Vim text editor is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Surpass 路径遍历漏洞
Surpass is a PHP package developed primarily for Laravel by the individual developer Sukohi Kuhoh. It is used to manage uploading images and displaying thumbnails using Ajax. A path traversal vulnerability exists in Surpass versions prior to 1.0.0, which stems from unknown code in the file...
PYSEC-2022-43144
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc...
Soil 跨站脚本漏洞
Soil is Roots open source a WordPress plugin . Used to apply theme-independent front-end modifications. A cross-site scripting vulnerability exists in Soil versions prior to 4.1.0, which originates in the function languageattributes in the file src/Modules/CleanUpModule.php, where manipulation of...
bible-online SQL注入漏洞
bible-online is an online Bible application by James M.Z. Personal Developer. bible-online suffers from an SQL injection vulnerability that originates in a function query in the file src/main/java/custom/application/search.java of the component Search Handler, which operates to cause SQL injectio...
OESA-2022-2131 emacs security update
Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a projec...
[SECURITY] Fedora 37 Update: llhttp-6.0.10-1.fc37
This project is a port of httpparser to TypeScript. llparse is used to generate the output C source file, which could be compiled and linked with the embedder's program like Node.js. This copy of the library is compiled with LLHTTPSTRICTMODE set to 0 disabled, which is the default...
CVE-2022-39280 Regular expression denial of service in dparse
dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...
JPEGDEC 安全漏洞
JPEGDEC is a JPEG decoder optimized for Arduino by the individual developer Larry Bank. A security vulnerability exists in JPEGDEC that stems from a segmentation error in the fseek module of the /src/jpeg.inl file...
Command Injection
node-latex-pdf is vulnerable to command injection. Insecure handling of compilation and execution of source file in selflatex function in node-latex-pdf.js allows an attacker to inject and execute malicious commands...
Cesanta MJS 代码问题漏洞
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...