213680 matches found
Deserialization of untrusted data
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Issue: On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...
Design/Logic Flaw
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges...
Sql injection
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there...
Cross site scripting
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in the Cacti database. These data will be viewed by administrative cacti accounts an...
Memory corruption
Memory corruption due to improper validation of array index in WLAN HAL when received lmitemNum is out of range...
Design/Logic Flaw
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Realwebcare WRC Pricing Tables plugin <= 2.3.7 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...
Design/Logic Flaw
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...
Heap overflow
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp...
Design/Logic Flaw
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...
Code injection
An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c...
Buffer overflow
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp...
Design/Logic Flaw
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
Command injection
A vulnerability was found in TOTOLINK EX1200L ENV9.3.5u.6146B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...
Buffer overflow
Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c...
Privilege escalation
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
Remote file inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File...
Design/Logic Flaw
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...
Cross site request forgery (csrf)
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for...
Code injection
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723...
Design/Logic Flaw
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This vulnerability is present in th...
Design/Logic Flaw
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality...
Remote code execution
Microsoft Excel Remote Code Execution Vulnerability...
Privilege escalation
Windows System Assessment Tool Elevation of Privilege Vulnerability...
Spoofing
Microsoft Exchange Server Spoofing Vulnerability...
Stack overflow
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use...
Memory corruption
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 116, Firefox ESR...
Sql injection
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page...
Open redirect
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 13.0.1.2 via the referer parameter...
Code injection
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
Design/Logic Flaw
Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read...
Buffer overflow
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50W series firmware versions 4.16 through 5.36 Patch 2, USG20W-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN...
Design/Logic Flaw
Adobe InDesign versions ID18.3 and earlier and ID17.4.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
Denial of service
Remote Procedure Call Runtime Denial of Service Vulnerability...
Privilege escalation
Microsoft Defender Elevation of Privilege Vulnerability...
Security feature bypass
Windows MSHTML Platform Security Feature Bypass Vulnerability...
Security feature bypass
Azure Active Directory Security Feature Bypass Vulnerability...
Stack overflow
A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...
Design/Logic Flaw
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of a...
Authentication flaw
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...
Design/Logic Flaw
Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...
Design/Logic Flaw
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel...
Buffer overflow
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits at /libtiff/tools/tiffcrop.c:3753...
Privilege escalation
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability...
Stack overflow
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service...
Remote code execution
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability...
Privilege escalation
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability...