The vulnerability in the FATEK WinProladder controller programming software is a use of memory after it has been freed, which allows an attacker to execute arbitrary code.
The vulnerability in the FATEK WinProladder controller programming software is a use of memory after it has been freed during syntax analysis of project files. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted file...
Mozilla Firefox Security Advisory (MFSA2012-02) - Linux
This host is missing a security update for Mozilla Firefox.
CVE-2021-42838 Grand Vice info Co. webopac7 - Reflected XSS
Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks...
openssl: Read buffer overruns processing ASN.1 strings
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...
The vulnerability in the FATEK WinProladder controller programming software is a write operation that can go beyond the buffer boundaries in memory. This allows a malicious actor to execute arbitrary code or cause a service failure.
The vulnerability in the FATEK WinProladder controller programming software is a write operation that goes beyond the buffer boundaries in memory during PDW-file syntax analysis. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause system failures...
The vulnerability of the embedded software of NETGEAR R6700AX, NETGEAR R7800, NETGEAR R8900, NETGEAR R9000, NETGEAR RAX10, NETGEAR RAX120, NETGEAR RAX120v2, NETGEAR RAX70, NETGEAR RAX78, and NETGEAR XR700 lies in the ability to write data beyond the buffer, allowing an attacker to execute arbitrary code.
The vulnerability of the embedded software of NETGEAR R6700AX, NETGEAR R7800, NETGEAR R8900, NETGEAR R9000, NETGEAR RAX10, NETGEAR RAX120, NETGEAR RAX120v2, NETGEAR RAX70, NETGEAR RAX78, and NETGEAR XR700 lies in the fact that data is written beyond the buffer during syntax analysis of the...
python-pygments: Infinite loop in SML lexer may lead to DoS
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword...
[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2021-43265
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element...
openSUSE 15 Security Update : python-Pygments (openSUSE-SU-2021:1402-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1402-1 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML...
CVE-2021-38450
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...
CVE-2021-38450
CVE-2021-38450 (Trane Tracer) is caused by improper sanitization of input containing code syntax, enabling code injection that could alter controller flow. Affected products and versions: Tracer SC (all versions before v4.4 SP7), Tracer SC+ (before v5.5 SP3), Tracer Concierge (before v5.5 SP3). I...
Read buffer overruns processing ASN.1 strings
...
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
...
The vulnerability in VMware vCenter Server, the management tool for virtual infrastructure, is related to incorrect syntactic analysis of XML objects, which allows an attacker to trigger a service failure.
The vulnerability in the VMware vCenter Server virtual infrastructure management tool is related to incorrect syntactic analysis of XML objects. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2021-41565
TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks...
Cross site scripting
The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...
CVE-2021-41567 Tad Uploader - Stored XSS
The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...