Unknown · CVSS Not scored
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution.
Published Aug 14, 2023 · Updated Oct 8, 2024
Unknown · CVSS Not scored
Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.
Published Aug 22, 2023 · Updated Oct 7, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.
Published Aug 22, 2023 · Updated Oct 7, 2024
Unknown · CVSS Not scored
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
Published Aug 22, 2023 · Updated Oct 7, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.
Published Aug 22, 2023 · Updated Oct 7, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
Published Aug 22, 2023 · Updated Oct 7, 2024
Unknown · CVSS Not scored
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
Published Aug 22, 2023 · Updated Oct 7, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.
Published Aug 22, 2023 · Updated Oct 7, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.
Published Aug 22, 2023 · Updated Oct 4, 2024
Unknown · CVSS Not scored
There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempt to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution.
Published Aug 22, 2023 · Updated Oct 4, 2024
Medium · CVSS 6.5
A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
Published Aug 22, 2023 · Updated Oct 3, 2024
Unknown · CVSS Not scored
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.
Published Aug 25, 2023 · Updated Oct 2, 2024
Unknown · CVSS Not scored
Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code.
Published Aug 28, 2023 · Updated Oct 2, 2024
Unknown · CVSS Not scored
An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php.
Published Aug 29, 2023 · Updated Oct 2, 2024