CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

UBUNTU-CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

PT-2024-3588 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.3 Windows OpenVPN Connect versions 3.0 through 3.4.7 macOS Description: The issue is related to the nodejs framework in OpenVPN Connect, which was not properly configured. This configuration issue allo...

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

VulnCheck KEV: CVE-2019-15642

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it...

The vulnerability of NVIDIA’s SBIOS system, specifically the DGX A100 server, allows a hacker to trigger a service failure.

The vulnerability of NVIDIA’s SBIOS system, specifically the DGX A100 server, is related to incorrect dynamic analysis of variables. Exploiting this vulnerability can allow attackers to cause service failures...

EulerOS 2.0 SP8 : ncurses (EulerOS-SA-2023-3138)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via malforme...

EulerOS Virtualization 2.11.0 : libssh (EulerOS-SA-2023-2759)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated...

Apache Solr allows read access to host environmet variables

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...

The vulnerability of the OpenVPN Connect software lies in its inability to properly execute instructions in the dynamically executed code, allowing a violator to execute arbitrary code.

The vulnerability of the OpenVPN Connect software is related to the failure to implement measures to neutralize the instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code using the DYILDINSERTLIBRARIES environment variable...

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

Design/Logic Flaw

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

CVE-2023-31032 CVE

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

Design/Logic Flaw

Nginx-UI is an online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...

Code injection

The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data...

SUSE CVE-2023-37444

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...

Design/Logic Flaw

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...

CVE-2023-42797

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...

PT-2024-2951 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: The issue is related to an improper array index validation vulnerability in the EVCD var len parsing functionality. This can lead to arbitrary code execution when a victim opens a specially crafted .evcd...