18 matches found
EUVD-2020-0248
Malware in sbrugna...
CVE-2021-34143
The Bluetooth Classic implementation in the Zhuhai Jieli AC6366CDEMOV1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service deadlock of the device by flooding it with LMPAURand packets after paging...
CVE-2020-5228
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...
SUSE-SU-2024:1437-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 115.10.1 Security fixes MFSA 2024-20 bsc1222535: - CVE-2024-3852: GetBoundName in the JIT returned the wrong object bmo1883542 - CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement...
GHSA-CXVP-82CQ-57H2 blurhash panics on parsing crafted inputs
Impact The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-...
CVE-2023-42447 blurhash panics on parsing crafted inputs
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
RUSTSEC-2023-0083 blurhash: panic on parsing crafted blurhash inputs
Impact The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-...
Design/Logic Flaw
The Bluetooth Classic implementation in the Zhuhai Jieli AC6366CDEMOV1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service deadlock of the device by flooding it with LMPAURand packets after paging...
CVE-2020-5228
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...
Zendesk: XSS with needed user intervention
The researcher found an XSS issue where an end-user could exploit an agent...
Blender 2.34, 2.35a, 2.4, 2.49b .blend File Command Injection
Exploit for unknown platform in category remote exploits ============================================================= Blender 2.34, 2.35a, 2.4, 2.49b .blend File Command Injection ============================================================= Title: Blender 2.34, 2.35a, 2.4, 2.49b .blend File...
Blender 2.342.35a2.42.49b - .blend Command Injection
Blender 2.342.35a2.42.49b - .blend Command Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrar...
Akamai Download Manager ActiveX code execution
It's possible to download and execute code without user intervation...
Microsoft Outlook information leak (callback)
By setting CA certificate URL field in certificate used for message signing, it's possible to force Outlook to issue HTTP request without user intervation...
Safari for Windows insecure files download
File of any type can be downloaded to desktop without intervation with user...
xfinder-ds.pl
HEADER: OSX Finder DSStore arbitrary file overwrite vulnerability. CONTACT: vade79 - [email protected] fakehalo/realhalo CATEGORY: Local with user intervention. IMPACT: Privilege escalation. REFERENCE: http://fakehalo.us/xfinder-ds.pl BACKGROUND: The Finder is the application that Mac OS X and earli...
Microsoft Internet Explorer code execution
If page contains large number of elements like FRAME SRC="C:winntregedit.exe"/FRAME application will be executed without user's intervation...
ms-excel-macros-dll.txt
Microsoft Excel macros can execute DLL functions. Microsoft Excel - a spreadsheet program created by Microsoft - is vulnerable to an exploit that allows the execution DLL functions without user intervention or knowledge. Microsoft Excel has a function named "CALL" which can be embedded in...