77 matches found
CVE-2024-52005 The sideband payload is passed unfiltered to the terminal in git
Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...
CVE-2024-52005 The sideband payload is passed unfiltered to the terminal in git
Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...
Git 安全漏洞
Git is a free, open-source distributed version control system open-sourced by Git. A security vulnerability exists in Git that stems from an unprotected ANSI escape sequence in sideband channel messaging, which can be exploited by malicious people to hide or distort information or mislead users...
libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic
A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted...
libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic
A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted...
SUSE CVE-2024-3044
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...
CVE-2024-3044
A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted...
DEBIAN-CVE-2024-3044
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...
UBUNTU-CVE-2024-3044
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...
CVE-2023-5344
A heap-based buffer overflow vulnerability was found in Vim's truncstring function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of...
CVE-2023-40621
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
Default credentials
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
CVE-2023-40621 Code Injection vulnerability in SAP PowerDesigner Client
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
CVE-2020-20703
A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash. Mitigation Untrusted vim scripts with -s scriptin...
CVE-2023-2610
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...
CVE-2023-1355
A NULL pointer dereference vulnerability was discovered in vim's classobjectindex function at vim9class.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service. Mitigation...
CVE-2023-1170
A heap-based buffer overflow vulnerability was found in Vim's utfptr2char function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds rea...
CVE-2023-1175
A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yankcopyline function of the register.c file. This flaw allows illegal memory access when using virtual editing as "startspaces" goes negative. An attacker can trick a user into opening a specially...
SUSE CVE-2022-46908
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...
CVE-2023-0049
A flaw was found in vim, which is vulnerable to an out-of-bounds read in the buildstlstrhl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software. Mitigation Do not run vim with -s scriptin on untrusted scripts...