1270 matches found

Cvelist
added 2024/04/04 2:59 p.m. · 59 views

CVE-2024-3116 Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4

pgAdmin = 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...

CVSS 7.4 · AI score 8.1 · EPSS 0.64846
Exploits 5 · References 3

Tenable Nessus
added 2024/03/14 12:00 a.m. · 21 views

EulerOS Virtualization 2.10.1 : python-configobj (EulerOS-SA-2024-1367)

According to the versions of the python-configobj package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate...

CVSS 5.9 · AI score 5.4 · EPSS 0.01259
Exploits 1 · References 2

Tenable Nessus
added 2024/03/14 12:00 a.m. · 11 views

EulerOS Virtualization 2.10.0 : python-configobj (EulerOS-SA-2024-1388)

According to the versions of the python-configobj package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate...

CVSS 5.9 · AI score 5.4 · EPSS 0.01259
Exploits 1 · References 2

OSV
added 2024/03/06 7:15 a.m. · 6 views

UBUNTU-CVE-2023-52606

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr...

CVSS 5.5 · AI score 6.2 · EPSS 0.00236
Exploits 0 · References 27

Cvelist
added 2024/03/06 6:45 a.m. · 20 views

CVE-2023-52606 powerpc/lib: Validate size for vector operations

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr...

AI score 7.5 · EPSS 0.00236
Exploits 0 · References 8

OSV
added 2024/02/28 9:15 a.m. · 3 views

UBUNTU-CVE-2021-47050

In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource The platform_get_resource_byname can return NULL which would be immediately dereferenced by resource_size. Instead dereference it after validating the resource...

CVSS 5.5 · AI score 5.7 · EPSS 0.00235
Exploits 0 · References 7

OSV
added 2024/02/27 10:15 a.m. · 1 views

DEBIAN-CVE-2021-46934

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer, ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to...

CVSS 3.3 · AI score 5.3 · EPSS 0.00233
Exploits 0 · References 1

BDU FSTEC
added 2024/02/22 12:00 a.m. · 3 views

The vulnerability of the npm-user-validate package on the Node.js software platform allows a perpetrator to trigger a service failure.

The vulnerability of the npm-user-validate package on the Node.js software platform is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 7.8 · AI score 7.4 · EPSS 0.03374
Exploits 1 · References 6 · Affected Software 5

OSV
added 2024/02/20 11:17 a.m. · 2 views

CLSA-2024-1708427829 Fix CVE(s): CVE-2024-25062

SECURITY UPDATE: Use-after-free in xmlValidatePopElement - debian/patches/CVE-2024-25062.patch: Fix use-after-free if XML Reader with DTD validation and XInclude expansion by not expanding XIncludes when backtracking - CVE-2024-25062...

CVSS 7.5 · AI score 6.7 · EPSS 0.01375
Exploits 3 · References 1

Prion
added 2024/02/15 5:15 a.m. · 15 views

Heap overflow

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code...

AI score 8.1 · EPSS 0.0362
Exploits 0 · References 1

Positive Technologies
added 2024/02/12 12:00 a.m. · 3 views

PT-2024-21206 · Unknown · Photoboxone Smtp Mail

Name of the Vulnerable Software and Affected Versions: Photoboxone SMTP Mail versions 1.3.20 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application...

CVSS 8.8 · AI score 9.3 · EPSS 0.00214
Exploits 0 · References 8

Tenable Nessus
added 2024/02/08 12:00 a.m. · 27 views

EulerOS 2.0 SP5 : python-configobj (EulerOS-SA-2024-1161)

According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using...

CVSS 5.9 · AI score 5.5 · EPSS 0.01259
Exploits 1 · References 2

Github Security Blog
added 2024/02/02 8:43 p.m. · 44 views

PHPMailer Local file inclusion

Impact: Arbitrary local file inclusion via the $lang property, remotely exploitable if host application passes unfiltered user data into that property. The 3 CVEs listed are applications that used PHPMailer that were vulnerable to this problem. Patches: It's not known exactly when this was fixed in...

CVSS 7.5 · AI score 6.3 · EPSS 0.01381
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/01/24 6:15 p.m. · 1 views

DEBIAN-CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

CVSS 9.8 · AI score 9.2 · EPSS 0.01277
Exploits 1 · References 1

NVD
added 2024/01/24 6:15 p.m. · 9 views

CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

CVSS 9.8 · AI score 9.7 · EPSS 0.01277
Exploits 1 · References 1

OSV
added 2024/01/24 6:15 p.m. · 1 views

UBUNTU-CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

CVSS 9.8 · AI score 7.7 · EPSS 0.01277
Exploits 1 · References 3

UbuntuCve
added 2024/01/24 6:15 p.m. · 15 views

CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

CVSS 9.8 · AI score 7.6 · EPSS 0.01277
Exploits 1 · References 2

CNNVD
added 2024/01/24 12:00 a.m. · 3 views

Mathtex Security Breach

Mathtex is a CGI program written in C for the Manim community. A security vulnerability exists in Mathtex version 1.05 and earlier, which stems from a stack overflow vulnerability in the validate method. A remote attacker can exploit this vulnerability to execute arbitrary code via a crafted stri...

CVSS 9.8 · AI score 7.9 · EPSS 0.01277
Exploits 1 · References 2

Positive Technologies
added 2024/01/24 12:00 a.m. · 2 views

PT-2024-14320 · Mathtex +1 · Mathtex +1

Name of the Vulnerable Software and Affected Versions: Mathtex versions 1.05 and earlier Description: The issue allows a remote attacker to execute arbitrary code via a crafted string in the application URL. This is due to a Stack Overflow vulnerability in the validate function. Recommendations:...

CVSS 9.8 · AI score 9.4 · EPSS 0.01277
Exploits 1 · References 13

Debian CVE
added 2024/01/24 12:00 a.m. · 21 views

CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

CVSS 9.8 · AI score 9.7 · EPSS 0.01277
Exploits 1