105 matches found
CVE-2024-47540
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This vulnerability coul...
Unspecified vulnerability in Linux kernel (CNVD-2024-46428)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that stems from an execution queue leak. No details of the vulnerability are provided at this time...
PT-2024-8536 · Unknown +4 · Modules::Scandeps +4
Name of the Vulnerable Software and Affected Versions: Modules::ScanDeps versions prior to 1.36 Description: The issue is related to the Modules::ScanDeps library, which does not properly sanitize input. This can allow an attacker to execute arbitrary shell commands. A local attacker could exploi...
Tenda AC7 ate_ifconfig_set function command injection vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. The Tenda AC7 suffers from a command injection vulnerability that stems from ateifconfigset failing to properly filter construct command special characters, commands, etc. The vulnerability can be exploited to execute arbitrary command...
Execution With Unnecessary Privileges
github.com/openshift/builder is vulnerable to Execution With Unnecessary Privileges. The vulnerability is caused due to improper validation of the spec.source.secrets.secret.destinationDir attribute, allowing path traversal that enables a malicious user to override executable files inside the...
GTKWave out-of-bounds write vulnerability (CNVD-2024-04856)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An out-of-bounds write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vzt files...
GTKWave Arbitrary Write Vulnerability (CNVD-2024-04851)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An arbitrary write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vcd files...
Google Chrome memory misreference vulnerability (CNVD-2024-10413)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that is due to free usage in the WebGPU. An attacker can exploit the vulnerability to execute arbitrary code on the system...
CVE-2023-3662 CODESYS: Vulnerability in CODESYS Development System allows for execution of binaries
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context...
PT-2023-25985 · Unknown · Zenstruck/Collections
Name of the Vulnerable Software and Affected Versions: zenstruck/collections versions prior to 0.2.1 Description: The issue arises from passing callable strings, such as system, which causes the function to be executed. This results in a limited subset of specific user input being executed as if ...
CVE-2023-29455
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...
PT-2023-20663 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.2-milestone-1 through 14.8 XWiki Platform versions 14.4 through 14.4.5 XWiki Platform versions 13.10 through 13.10.9 Description: XWiki Platform is a generic wiki platform where, starting in version 6.2-milestone-1,...
CVE-2020-19824
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
PYSEC-2022-43163
WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...
CVE-2022-29129 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. A stack-based buffer overflow in Printing allows an attacker to execute arbitrary code on the host OS...
PT-2021-2444
Name of the Vulnerable Software and Affected Versions: Apache Tomcat affected versions not specified Description: The issue is related to a configuration server implementation vulnerability in Apache Tomcat, which involves the recovery of unreliable data in memory due to buffer deserialization. A...
Arbitrary Code Execution
imagemagick is vulnerable to arbitrary code execution. A heap-based buffer over-read in MagickCore/fourier.c allows an attacker to execute code on the system due to incorrect calls to GetCacheViewVirtualPixels...
PT-2020-4638
Name of the Vulnerable Software and Affected Versions jQuery versions 1.2 through 3.5.0 Description The issue is related to the execution of untrusted code when passing HTML from untrusted sources to jQuery's DOM manipulation methods, such as .html, .append, and others, even after sanitizing the...
CVE-2019-10799
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...