2184 matches found
UBUNTU-CVE-2023-21102
In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
PortEx - Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...
Cross-site scripting (XSS) stored in href bypasses filter using data wrapper
Description The XSS Cross-Site Scripting vulnerability found in the Caliber-Web application allows an attacker to inject malicious JavaScript code into a href via a data wrapper, containing a base64-encoded payload. This vulnerability specifically occurs in a book's Tag editing functionality. By...
@aprilsacil/wallet (>=0.1.36 <=0.1.51), @bosonprotocol/react-kit (>=0.1.0-alpha.0 <=0.1.0-alpha.2) +43 more potentially affected by CVE-2023-30543 via @web3-react/metamask (>=8.0.14-beta.0 <=8.0.28-beta.0)
@web3-react/metamask NPM version =8.0.14-beta.0, =0.1.36, =0.1.0-alpha.0, =0.0.46, =0.0.70, =1.0.0, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =1.0.0, =1.0.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 and more Source cves: CVE-2023-30543 Source advisory: OSV:GHSA-8PF3-6FGR-3G3G...
DEBIAN-CVE-2022-37705
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...
Privilege escalation
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...
Updated libheif packages fix security vulnerability
Vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. CVE-2023-0996...
php security update
An update is available for php. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...
GHSA-FJRV-VX9M-4JPJ Veracode Scan Jenkins Plugin vulnerable to information disclosure
Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to discover Veracode API credentials by listing the process and its arguments...
Code injection
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...
CVE-2023-25722
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...
CLSA-2023-1679944242 Fix CVE(s): CVE-2022-31629, CVE-2022-31628, CVE-2022-31631
SECURITY UPDATE: Denial of service - debian/patches/CVE-2022-31628.patch: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31628 SECURITY UPDATE: Cookie injection - debian/patches/CVE-2022-31629.patch: Add cookie integrity validation - CVE-2022-31629 SECURITY...
AZL-25843 CVE-2023-28448 affecting package cloud-hypervisor for versions less than 30.0-2
Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...
Malicious Package
Overview Anarchy.Wrapper.Net is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it. It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely executed...
Debian: Security Advisory (DLA-306-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...