Page 320 of 14191 results (0.026 seconds)

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1

24 Jan 2023 — Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221). Las versiones del paquete simple-git anteriores a la 3.16.0 son vulnerables a la ejecución remota de código (RCE) a través de los métodos clone(), pull(), push() y listRemote(), debido a una san... • https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

24 Jan 2023 — Processing maliciously crafted web content may lead to arbitrary code execution. ... Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213599 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

24 Jan 2023 — Processing maliciously crafted web content may lead to arbitrary code execution. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213531 •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

24 Jan 2023 — Processing maliciously crafted web content may lead to arbitrary code execution. ... Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213599 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

24 Jan 2023 — Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213603 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3

24 Jan 2023 — This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. • https://github.com/TurtleARM/CVE-2023-0179-PoC • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

23 Jan 2023 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Brainstorm Force Spectra permite la inyección de código. Este problema afecta a Spectra: desde n/a hasta 2.3.0. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to HTM... • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-unauthenticated-email-html-injection-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

23 Jan 2023 — A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1538028 • CWE-326: Inadequate Encryption Strength •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

23 Jan 2023 — A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109. USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1802346 • CWE-863: Incorrect Authorization •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

23 Jan 2023 — processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, "WRITE of size 307203") via a crafted TIFF image. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed im... • https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5 • CWE-787: Out-of-bounds Write •