5836 matches found
SAMSUNG SmartThings Security Vulnerability
SAMSUNG SmartThings is an application from Samsung South Korea that connects smart devices. A security vulnerability exists in SAMSUNG SmartThings versions prior to 1.8.13.22, which stems from improper data validation by the broadcast receiver...
SAMSUNG Mobile devices Security Vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices due to improper data validation by the broadcast receiver. The following products and versio...
CVE-2024-27327
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...
CVE-2024-27328
CVE-2024-27328 affects PDF-XChange Editor via EMF file parsing, where improper validation leads to a read past the end of an allocated buffer. This out-of-bounds read can disclose sensitive information and, per sources, may be leveraged with other vulnerabilities to execute arbitrary code in the ...
The vulnerability of the firmware of the PowerFlex 527 variable frequency converter, related to insufficient validation of input data, allows an intruder to trigger a service failure.
The vulnerability of the firmware of the PowerFlex 527 variable frequency converter is related to insufficient verification of input data. Exploiting this vulnerability could allow an attacker operating remotely to cause malfunctions in the device’s operation...
CVE-2024-2844
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users' orders...
CVE-2024-2844
CVE-2024-2844 concerns the Easy Appointments WordPress plugin. The vulnerability arises from insufficient user validation in ajax_cancel_appointment(), allowing an unauthenticated attacker to cancel other users’ orders. Affected version range includes all versions up to and including 3.11.18. The...
RT-Thread at_server.c file buffer overflow vulnerability
RT-Thread is an open source IoT real-time operating system (RTOS). RT-Thread suffers from a buffer overflow vulnerability that stems from net/at/src/at_server.c failing to properly validate the length of input data, which can be exploited by remote attackers to execute...
Siemens Simcenter Femap MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3...
Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Autodesk DWG TrueView DWG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk DWG TrueView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
CVE-2024-29194 OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the ismasteradmin key, stored in the local storage of the browser, can be manipulated by an attacker. By...
FreeImage FreeImage_CreateICCProfile function buffer overflow vulnerability
FreeImage is a cross-platform open source library for supporting popular graphic image formats. FreeImage suffers from a buffer overflow vulnerability that originates from the program failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a...
The vulnerability of the Windows operating system’s kernel, which allows a hacker to trigger a service failure
The vulnerability of Windows operating system kernels is related to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to cause a service failure using specially created data...
The vulnerability of the DCH-compatible Thunderbolt driver, related to the lack of data validation during operation, allows a hacker to trigger a service failure.
The vulnerability of the DCH-compatible Thunderbolt driver is related to the lack of data validation during return operations. Exploiting this vulnerability can allow an attacker to cause a service failure...
ROS-2-471
2.471 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...