CVE-2023-41633

Catdoc v0.95 contains a NULL pointer dereference in the xls2csv component (src/fileutil.c). This CVE (CVE-2023-41633) is supported by multiple sources (NVD, Red Hat, OSV, etc.). The vulnerability can cause crashes (availability impact), but exploitation details and a vendor patch are not provided...

Integer overflow

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

Medium: cups

Issue Overview: OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service DoS attack. A buffer overflow vulnerability in the function formatlogline could allow remote attackers...

SUSE CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

AZL-31817 CVE-2023-3180 affecting package qemu for versions less than 6.2.0-23

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

CVE-2023-37613

A cross-site scripting XSS vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

CVE-2023-37613

A cross-site scripting XSS vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

CVE-2023-37613

CVE-2023-37613 describes an XSS vulnerability in Assembly Software Trialworks v11.4, where an attacker can inject a crafted payload into the asset src parameter to execute arbitrary web scripts/HTML in the victim’s browser. The connected sources consistently identify the affected product/version ...

PT-2023-26043 · Assembly · Trialworks

Name of the Vulnerable Software and Affected Versions: Assembly Software Trialworks version 11.4 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the asset src parameter. This enables the execution of...

Medium: zstd

Issue Overview: In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. CVE-2022-4899 Affected Packages: zstd Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

Medium: iniparser

Issue Overview: iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparsergetlongint which misses check NULL for function iniparsergetstring's return. CVE-2023-33461 Affected Packages: iniparser Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit thi...

CVE-2022-33065

Multiple signed integers overflow in function aureadheader in src/au.c and in functions mat4open and mat4readheader in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts...

CVE-2023-32627 Floating point exception in src/voc.c

A floating point exception vulnerability was found in sox, in the readsamples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service...

Buffer overflow

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

PT-2023-5156 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by multiple buffer overflow vulnerabilities in the vtysh ubus binary due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code...

CVE-2023-30325

CVE-2023-30325 describes a SQL injection vulnerability in the Java-based ChatEngine v1.0, specifically via the textMessage parameter in /src/chatbotapp/chatWindow.java. The weakness allows an attacker to potentially exfiltrate sensitive data. Public sources consistently identify the affected comp...

Denial Of Service (DoS)

libX11.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to a memory corruption in multiple functions of src/InitExt.c because they do not check array limits properly causing an out-of-bounds which allows an attacker to crash the application...

CVE-2023-36193

Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguityerror component at /src/clp.c...

CVE-2023-36192

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capturewscheckpacket at /src/capture.c...

CVE-2023-36193

Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguityerror component at /src/clp.c...