
39 matches found

Cvelist
added 2024/09/19 8:45 a.m. | 17 views

CVE-2024-45769 Pcp: pmcd heap corruption through metric pmstore operations

A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...

CVSS 5.5 | EPSS 0.00024
Exploits: 0 | References: 11

Positive Technologies
added 2024/03/12 12:0 a.m. | 2 views

PT-2024-2246

Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified). Description: The issue is related to insufficient input validation in the Windows Kernel, which can be exploited to cause a denial-of-service condition using specially crafted data. This allows...

CVSS 5.5 | AI score 6.7 | EPSS 0.00312
Exploits: 0 | References: 9

OSV
added 2024/03/06 11:2 a.m. | 39 views

BIT-POSTGRESQL-2023-5869 Postgresql: buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

CVSS 8.8 | AI score 8.8 | EPSS 0.01608
Exploits: 0 | References: 36

Tenable Nessus
added 2024/01/26 12:0 a.m. | 20 views

RHEL 8 : postgresql:10 (RHSA-2023:7786)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7786 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: Buffer overrun from integer overflow in arra...

CVSS 8.8 | AI score 7.6 | EPSS 0.01608
Exploits: 0 | References: 4

BDU FSTEC
added 2024/01/12 12:0 a.m. | 1 views

The vulnerability of the HTTP service of D-Link G416 router firmware allows a hacker to execute arbitrary code.

The vulnerability of the D-Link G416 router’s firmware service lies in the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by transmitting specially created...

CVSS 8.8 | AI score 8.1 | EPSS 0.02543
Exploits: 0 | References: 6 | Affected Software: 1

Prion
added 2023/12/19 4:15 p.m. | 17 views

Memory corruption

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption, which could result in a Denial of Service (DoS) or code execution...

CVSS 7.5 | AI score 7.7 | EPSS 0.01892
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/06/13 10:15 a.m. | 13 views

Command injection

An OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends specially crafted data, an arbitrary OS command may be executed on the system where the product is...

CVSS 5.1 | AI score 8.2 | EPSS 0.01166
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2022/10/11 12:0 a.m. | 20 views

Huawei HarmonyOS kernel module out-of-bounds read vulnerability

Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from Huawei China, Inc. Huawei HarmonyOS suffers from an out-of-bounds read vulnerability,...

CVSS 7.8 | AI score 2.8 | EPSS 0.00023
Exploits: 0 | References: 1

CNVD
added 2022/07/19 12:0 a.m. | 26 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-55647)

Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a write beyond the en...

CVSS 7.8 | AI score 7.6 | EPSS 0.00088
Exploits: 0 | References: 1

BDU FSTEC
added 2022/07/11 12:0 a.m. | 2 views

The vulnerability of the Schneider Electric Data Center Expert software lies in its ability to restore unreliable data into memory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Schneider Electric Data Center Expert monitoring software relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

CVSS 7.1 | AI score 8.1 | EPSS 0.01497
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2022/03/28 12:0 a.m. | 1 views

The vulnerability of Microsoft Exchange Server’s mail server, related to insufficient input validation, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted data to the server...

CVSS 9 | AI score 8.4 | EPSS 0.02088
Exploits: 0 | References: 3

Veracode
added 2022/02/23 6:11 a.m. | 14 views

Weak Cryptography

github.com/gravitl/netmaker is using weak cryptography. The vulnerability exists because a hard-coded cryptographic key is used in the code base which allows an attacker to pass specially crafted data to the application and execute arbitrary commands on the system...

CVSS 8.8 | AI score 5.2 | EPSS 0.00804
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2021/11/09 12:0 a.m. | 1 views

Microsoft Exchange Server Security Vulnerability

Microsoft Exchange Server is a set of email service programs from Microsoft Corporation (USA). Microsoft Exchange Server has a remote code execution vulnerability that can be exploited by attackers to remotely execute arbitrary code on the server by sending specially crafted malicious data to the...

CVSS 8.8 | AI score 7 | EPSS 0.93618
Exploits: 9 | References: 11

OSV
added 2021/07/30 12:15 p.m. | 1 views

CVE-2021-29781

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091...

CVSS 9.8 | AI score 7.7
Exploits: 0 | References: 2

CNNVD
added 2021/06/03 12:0 a.m. | 2 views

Apache HTTP Server Code Issue Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. A code issue vulnerability exists in Apache HTTP Server, which stems from a NULL pointer dereference error in mod sessions. A remote attacker could use this...

CVSS 7.5 | AI score 5.8 | EPSS 0.5815
Exploits: 0 | References: 31

Cvelist
added 2019/06/27 3:5 a.m. | 24 views

CVE-2019-1620 Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could...

CVSS 9.8 | AI score 9.6 | EPSS 0.85616
Exploits: 6 | References: 6

BDU FSTEC
added 2019/06/27 12:0 a.m. | 2 views

The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library allows a perpetrator to trigger a service failure.

The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library is related to initialization errors. Exploiting this vulnerability can allow attackers to cause service failures in applications by entering specially crafted data...

CVSS 4 | AI score 5.5
Exploits: 0 | Affected Software: 1

Cisco
added 2019/06/26 4:0 p.m. | 160 views

Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could...

CVSS 9.8 | AI score 3.3 | EPSS 0.85616
Exploits: 6 | References: 1

IBM Security Bulletins
added 2018/06/17 10:33 p.m. | 36 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Service Delivery Manager

Summary: OpenSSL vulnerabilities were disclosed on September 22, 2016 by the OpenSSL Project. OpenSSL is installed on the operating system shipped via IBM Service Delivery Manager. IBM Service Delivery Manager has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-6303 DESCRIPTIO...

CVSS 9.8 | AI score 1.5 | EPSS 0.35953
Exploits: 2 | Affected Software: 1

seebug.org
added 2017/10/19 12:0 a.m. | 27 views

Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability (CVE-2016-2369)

DESCRIPTION: A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the...

CVSS 4.3 | AI score 7.2 | EPSS 0.03136
Exploits: 1