Lucene search

3043 matches found

SUSE CVE
added 2023/04/13 1:37 a.m. · 6 views

SUSE CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...

CVSS 5.5 · AI score 6.1 · EPSS 0.00185
Exploits 0 · References 8

CNNVD
added 2023/04/13 12:0 a.m. · 3 views

BlackVue DR750-2CH LTE Data Forgery Vulnerability

BlackVue DR750-2CH LTE is an in-vehicle full HD monitor from BlackVue. A security vulnerability exists in the BlackVue DR750-2CH LTE version v.1.0122022.10.26, which stems from not checking the authenticity of uploaded firmware. An attacker could exploit the vulnerability to upload a firmware tha...

CVSS 9.8 · AI score 8.8 · EPSS 0.00735
Exploits 1 · References 5

CNNVD
added 2023/04/13 12:0 a.m. · 2 views

protobuf-c Input Validation Error Vulnerability

protobuf-c is a C-based protocol buffer implementation. A security vulnerability exists in protobuf-c versions prior to 1.4.1, which stems from the presence of an unsigned integer overflow...

CVSS 5.5 · AI score 6.7 · EPSS 0.00366
Exploits 0 · References 9

CVE
added 2023/04/13 12:0 a.m. · 359 views

CVE-2022-48468

CVE-2022-48468 affects protobuf-c prior to v1.4.1, with an unsigned integer overflow in parse_required_member. Connected advisories confirm the issue across distributions (e.g., Astra Linux, AlmaLinux, Amazon Linux 2, and Mariner/CBL) and consistently cite protobuf-c before 1.4.1 as vulnerable. T...

CVSS 5.5 · AI score 5.8 · EPSS 0.00366
Exploits 0 · References 7 · Affected Software 1

Vulnrichment
added 2023/04/13 12:0 a.m. · 4 views

CVE-2022-48468

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member...

AI score 7.5 · EPSS 0.00366
Exploits 0 · References 7

RedhatCVE
added 2023/04/12 6:30 a.m. · 47 views

CVE-2023-29532

The Mozilla Foundation Security Advisory describes this flaw as: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before...

CVSS 7.5 · AI score 5.8 · EPSS 0.00185
Exploits 0 · References 4

Tenable Nessus
added 2023/04/12 12:0 a.m. · 44 views

Mozilla Thunderbird < 102.10

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-15 advisory. - Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team...

CVSS 9.8 · AI score 7.7 · EPSS 0.00974
Exploits 0 · References 16

OSV
added 2023/04/10 9:15 p.m. · 3 views

CVE-2023-28093

A user with a compromised configuration can start an unsigned binary as a service...

CVSS 6.5 · AI score 7.1 · EPSS 0.01389
Exploits 0 · References 1

NVD
added 2023/04/10 9:15 p.m. · 25 views

CVE-2023-28093

A user with a compromised configuration can start an unsigned binary as a service...

CVSS 7.5 · AI score 6.7 · EPSS 0.01389
Exploits 0 · References 1

Positive Technologies
added 2023/04/10 12:0 a.m. · 3 views

PT-2023-21553 · Pegasystems +1 · Synchronization Engine

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A user with a compromised configuration can start an unsigned binary as a service. There is no information provided about the estimated number of...

CVSS 7.5 · AI score 7.4 · EPSS 0.01389
Exploits 0 · References 4

CVE
added 2023/04/10 12:0 a.m. · 30 views

CVE-2023-28093

Concrete details found in connected documents indicate a Pegasystems Synchronization Engine vulnerability (Pegasystem Synchronization Engine) affecting versions 3.1.1 through 3.1.27. The issue allows a user with non-administrative access to modify a client configuration and server URL, enabling p...

CVSS 7.5 · AI score 7.5 · EPSS 0.01389
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/04/10 12:0 a.m. · 7 views

CVE-2023-28093

A user with a compromised configuration can start an unsigned binary as a service...

CVSS 7.5 · AI score 6.9 · EPSS 0.01389
Exploits 0 · References 1

OSV
added 2023/04/05 2:1 p.m. · 15 views

OSV-2023-281 Heap-buffer-overflow in unsigned long simdutf::haswell::convert_masked_utf8_to_utf16<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57673 Crash type: Heap-buffer-overflow WRITE 16 Crash state: unsigned long simdutf::haswell::convert_masked_utf8_to_utf16 simdutf::haswell::implementation::convert_utf8_to_utf16le roundtrip.cc...

AI score 7.2
Exploits 0 · References 1

SUSE CVE
added 2023/04/04 2:16 a.m. · 2 views

SUSE CVE-2023-0185

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issues casting an unsigned primitive to signed may lead to denial of service or information disclosure...

CVSS 7.1 · AI score 6.6 · EPSS 0.00216
Exploits 0 · References 3

NVD
added 2023/03/24 4:15 a.m. · 17 views

CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

CVSS 5.3 · AI score 5.2 · EPSS 0.00168
Exploits 0 · References 1

OSV
added 2023/03/24 4:15 a.m. · 2 views

CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

CVSS 5.3 · AI score 6.1
Exploits 0 · References 1

Prion
added 2023/03/24 4:15 a.m. · 21 views

Design/Logic Flaw

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

CVSS 5 · AI score 5.3 · EPSS 0.00168
Exploits 0 · References 1 · Affected Software 2

CNNVD
added 2023/03/24 12:0 a.m. · 4 views

Veritas Technologies Veritas NetBackup Data Forgery Vulnerability

Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A security vulnerability exists in Veritas Technologies Veritas NetBackup IT Analytics version 11 prior to 11.2.0, which stems from an application upgrade process...

CVSS 5.3 · AI score 5.7 · EPSS 0.00168
Exploits 0 · References 2

Vulnrichment
added 2023/03/24 12:0 a.m. · 7 views

CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

CVSS 5.3 · AI score 5.3 · EPSS 0.00168
Exploits 0 · References 1

Cvelist
added 2023/03/24 12:0 a.m. · 28 views

CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

CVSS 5.3 · AI score 5.6 · EPSS 0.00168
Exploits 0 · References 1