14 matches found
scrcpy buffer error vulnerability
scrcpy is an open source Android device control software by Genymobile. A buffer error vulnerability exists in scrcpy versions 3.3.3 and earlier and 3e40b24 and earlier, which stems from a global buffer overflow in the scread32be function, which could lead to memory corruption or a crash...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1204)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1204 advisory. REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be...
DoS vulnerability in REXML
REXML has a DoS condition when parsing malformed XML file. REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXM...
GHSA-C2F4-JGMC-Q2R5 REXML has DoS condition when parsing malformed XML file
Impact: The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. Patches: REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...
REXML has DoS condition when parsing malformed XML file
Impact: The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. Patches: REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...
I-net Software HelpDesk trust management issue vulnerability
I-net Software HelpDesk is a suite of service management helpdesk software from I-net Software, Germany. A trust management issue vulnerability exists in I-net Software HelpDesk versions prior to 3.3.3 that stems from improper certificate validation, which could allow a remote attacker to...
PT-2024-20500 · Addonmaster · Load More Anything
Name of the Vulnerable Software and Affected Versions: Load More Anything versions 3.3.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in AddonMaster Load More Anything. Recommendations: For versions 3.3.3 and earlier, update to a version that contains a f...
PT-2024-24004 · WordPress · Masterstudy Lms
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.3.3 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the template parameter. This enables the execution of a...
PT-2024-23271 · Wpdeveloper · Wpdeveloper Betterdocs
Name of the Vulnerable Software and Affected Versions: WPDeveloper BetterDocs versions 3.3.3 and earlier Description: The issue is related to the deserialization of untrusted data. This can potentially lead to security risks, as deserializing untrusted data can allow an attacker to execute...
vantage6-node (>=3.3.3 <=3.7.3), vantage6-server (>=3.3.3 <=3.7.3) potentially affected by CVE-2022-39228 via vantage6 (>=3.3.3 <=3.7.3)
vantage6 PYPI version =3.3.3, =3.3.3, =3.3.3, =3.7.3 Source cves: CVE-2022-39228 Source advisory: OSV:PYSEC-2023-313...
PT-2023-10808 · Unknown · Joomgallery
Name of the Vulnerable Software and Affected Versions: JoomGallery versions up to 3.3.3 Description: A critical issue was found in JoomGallery, affecting an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The...
DEBIAN-CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
PT-2014-3531 · Ovirt · Ovirt Engine Reports
Name of the Vulnerable Software and Affected Versions: ovirt-engine-reports versions prior to 3.3.3 Description: The issue allows local users to obtain sensitive information by reading configuration files due to world-readable permissions. Recommendations: For versions prior to 3.3.3, update to...
ovirt-engine-dwh: setup script logs database password in cleartext
The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse rhevm-dwh package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file...