45 matches found
EUVD-2021-24893
Malware in sbrugna...
EUVD-2024-42464
Malicious code in bioql PyPI...
EUVD-2024-18456
Malicious code in bioql PyPI...
EUVD-2024-41326
Malicious code in bioql PyPI...
EUVD-2024-36231
Malicious code in bioql PyPI...
CVE-2024-36877
Micro-Star International Z-series motherboards Z590, Z490, and Z790 and B-series motherboards B760, B560, B660, and B460 with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H were discovered to contain a write-what-where condition in the SW handler for SMI 0xE3. Motherboard's wi...
CVE-2024-20037
In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937...
CVE-2024-47438 Substance3D - Painter | Write-what-where Condition (CWE-123)
Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memor...
Adobe Substance 3D Sampler 3.0.4 Multiple Vulnerabilities (apsb24-81)
The version of Adobe Substance 3D Sampler installed on the remote host is prior to 3.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-81 advisory. - Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could...
CVE-2024-45142 Substance3D - Stager | Write-what-where Condition (CWE-123)
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location,...
[SECURITY] [DLA 3585-1] exempi security update
Debian LTS Advisory DLA-3585-1 https://www.debian.org/lts/security/ Bastien Roucariès September 25, 2023 https://wiki.debian.org/LTS ...
CVE-2023-34312
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server sshd. Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in...
Fuji Electric D300win
1. EXECUTIVE SUMMARY CVSS v3 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fuji Electric Equipment: D300win Vulnerabilities: Out-of-bounds Read, Write-what-where Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in loss of sensitive...
ThinkPHP SQL injection vulnerability
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...
CVE-2021-38441 Eclipse CycloneDDS Write-what-where Condition
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...
Siemens syngo fastView BMP File Parsing Write-what-where Condition Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens syngo fastView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
Siemens Healthineers syngo fastView (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Healthineers, a subsidiary of Siemens Equipment: syngo fastView --------- Begin Update A Part 1 of 2 -------- Vulnerabilities: Out-of-bounds Write, Write-what-where Condition --------- End Update A Part 1 of 2...
PT-2021-4888 · Adobe +2 · Xmp Toolkit Sdk +2
Name of the Vulnerable Software and Affected Versions: XMP Toolkit SDK versions 2020.1 and earlier Description: The issue is related to a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become...