CVE-2023-50328 IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...

CVE-2023-50328 IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...

CVE-2023-50328

CVE-2023-50328 affects IBM PowerSC 1.3, 2.0, and 2.1. A vulnerability allowed remote attackers to view session identifiers passed via URL query strings. The IBM bulletin lists PowerSC 2.2 as the remediation (update to 2.2 on Fix Central) and enumerates affected filesets (powerscStd.uiServer, powe...

IBM PowerSC 安全漏洞

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. An information disclosure vulnerability exists in IBM PowerSC, which can be exploited by an attacker to view session identifiers passed via URL query strings...

Code injection

An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service DoS via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about cod...

libxml2: Hashing of empty dict strings isn't deterministic

A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...

python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

PT-2024-20220 · Eserver · Ezserver

Name of the Vulnerable Software and Affected Versions: EzServer version 6.4.017 Description: The issue allows a denial of service daemon crash via a long string, such as one for the RNTO command. Recommendations: For EzServer version 6.4.017, consider restricting the length of input strings to...

Amazon Linux AMI : perl-Spreadsheet-ParseExcel (ALAS-2024-1905)

The version of perl-Spreadsheet-ParseExcel installed on the remote host is prior to 0.5900-5.3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1905 advisory. Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel i...

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-2666)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-2708)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...

CVE-2023-49237

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings...

Command injection

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings...

CVE-2023-49237

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings...

CVE-2023-29050

Technical details (affected product/versions/root cause/impact/remediation) are not publicly provided in the supplied documents. Monitor for updates from vendors and advisories.

CVE-2023-29050

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory...

CVE-2023-29050

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory...

Spreadsheet::ParseExcel Remote Code Execution Vulnerability

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic...

CVE-2023-52267

ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...