Design/Logic Flaw

OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...

Code injection

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

Privilege escalation

Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as...

Buffer overflow

The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key...

Code injection

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

Design/Logic Flaw

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the...

Integer overflow

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is...

Design/Logic Flaw

Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user...

Sql injection

SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows remote attackers to execute arbitrary SQL commands via the group parameter...

Cross site request forgery (csrf)

Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and...

Design/Logic Flaw

Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta...

Design/Logic Flaw

A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 fixed in 11.0.214397, 12.0.181268 fixed in 12.0.214399, 13.2.36215 fixed in 13.2.36216, and 14.6.4835 fixed in 14.7.1965 on Windows could allow an attacker to perform code execution on a target system...

Buffer overflow

A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service application crash via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper pa...

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

Privilege escalation

A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus newbbplus module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the 1 bbPathpath parameter to votepolls.php and the 2 bbPathroottheme parameter to config.php, different vectors than...

Remote code execution

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

Design/Logic Flaw

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter a short integer. Remote code execution may occur if...

Design/Logic Flaw

The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates...

Hardcoded credentials

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key...

Improper access control

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would lo...

Cross site scripting

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

Remote code execution

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

Information disclosure

Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process...

Code injection

Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution...

Remote code execution

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it...

Cross site scripting

The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS...

Cross site scripting

The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...

Command injection

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the childprocess exec function without input sanitization. If attacker-controlled user input is given to the macaddressfor function of the package, it is possible for the attacker to execute...

Cross site scripting

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERYSTRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

Design/Logic Flaw

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...

Remote file inclusion

PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the SERVERDOCUMENTROOT parameter. NOTE: a third party disputes this vulnerability because of the special nature of the SERVER superglobal array...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

Stack overflow

In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...

Design/Logic Flaw

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...

Race condition

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

Open redirect

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call...

Remote code execution

Exim 4.85 through 4.92 fixed in 4.92.1 allows remote code execution as root in some unusual configurations that use the $sort expansion for items that can be controlled by an attacker e.g., $localpart or $domain...

Authentication flaw

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted...

Heap overflow

The 1 roamingread and 2 roamingwrite functions in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service heap-based...

Code injection

The 1 remoteglob function in sftp-glob.c and the 2 processput function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob...

Code injection

IrfanView version 4.44 32bit might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at...

Authentication flaw

The sshgssapiparseename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service memory consumption via a large value in a certain length field. NOTE: there may be limited scenarios in which...

Buffer overflow

Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the...

Stack overflow

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the...

Code injection

Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges...

Design/Logic Flaw

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

Design/Logic Flaw

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

Design/Logic Flaw

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to denyfile parsing...