Xen’s _get_page_type() contains an ABAC cmpxchg() race, where the code incorrectly assumes that if it reads a specific type_info value, and then later cmpxchg() succeeds, the type_info can’t have changed…
>> AUTHOR: deepcore
In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replies, for example fragments of other messages, passphrases…
The code in cc::PaintImageReader::Read (cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into the filter bitmap data.
Nginx version 1.20.0 suffers from a denial of service vulnerability.
Sashimi Evil OctoBot Tentacle is a Python script that exploits a vulnerability that lies in the Tentacles upload functionality of the cryptocurrency trading bot OctoBot which is designed to be…
WordPress Visual Slide Box Builder plugin version 3.2.9 suffers from a remote SQL injection vulnerability.
https://sanpong.go.th/riz.htm notified by ./Tikus_HaXoR
Nginx 1.20.0 – Denial of Service (DOS)
On Windows 11, the Kerberos SSP’s KerbRetrieveEncodedTicketMessage message can be used to get an arbitrary service ticket and session key from an AppContainer even without the enterprise authentication capability leading…