Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-30123: git.videolan.org Git - ffmpeg.git/commitdiff

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

CVE

Related news

GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal

GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a traversal vulnerability that can allow for arbitrary execution of Powershell scripts.

CVE-2021-40371: Request Management - Gridpro

Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.

WordPress Duplicator 1.3.26 Arbitrary File Read

WordPress Duplicator plugin version 1.3.26 suffers from an unauthenticated arbitrary file read vulnerability.

Alchemy CMS 6.0.0 Arbitrary File Upload

Alchemy CMS versions 2.x through 6.0.0 suffers from an arbitrary file upload vulnerability.

CVE-2019-9060: CMS Made Simple™ Newsletter - News

An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).

CVE-2020-19609: git.ghostscript.com Git - mupdf.git/commit

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

CVE-2021-3287: Read me | OpManager Help

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

CVE-2020-36193: Disallow symlinks to out-of-path filenames · pear/Archive_Tar@cde4605

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

CVE-2018-10289: 699271 – Infinite Loop in fz_skip_space (source/pdf/pdf-xref.c)

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907