335 matches found
In Jasper 4.2.2 the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability allowing attackers to cause a denial of service attack through a specific image file.
...
PT-2024-24913 · Unknown · Skybridge Basic Mb-A130 +1
Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A100/MB-A110 versions 4.2.2 and earlier SkyBridge BASIC MB-A130 versions 1.5.5 and earlier Description: The issue is related to improper neutralization of special elements used in a command, also known as 'Command Injection'. Thi...
Multiple Seiko Solutions Products Security Breach
Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in SkyBridge MB-A100/MB-A110 version 4.2.2 and earlier, SkyBridge BASIC MB-A130 version 1.5.5 and earlier, which stems from a command injection vulnerability that ca...
CVE-2024-31744
In Jasper 4.2.2, the jpcstreamlistremove function in src/libjasper/jpc/jpcdec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file...
CVE-2024-31744
In Jasper 4.2.2, the jpcstreamlistremove function in src/libjasper/jpc/jpcdec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file...
CVE-2024-31744
CVE-2024-31744 affects Jasper 4.2.2. The jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure leading to a denial-of-service condition via a crafted image file. Public exploitation details are not provided in the included documents. The entry includes a CVSS...
UBUNTU-CVE-2024-3209
A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function getne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...
CVE-2024-3209 UPX bele.h get_ne64 heap-based overflow
A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function getne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...
PT-2024-4252 · Upx +1 · Upx +1
Name of the Vulnerable Software and Affected Versions: UPX versions up to 4.2.2 Description: A critical issue affects the get ne64 function of the bele.h file, leading to a heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The vendor was contacted early abo...
PT-2024-18483 · WordPress · Smart Custom Fields
Name of the Vulnerable Software and Affected Versions: Smart Custom Fields plugin for WordPress versions up to, and including, 4.2.2 Description: The issue arises from a missing capability check on the relational posts search function, allowing authenticated attackers with subscriber-level access...
PT-2023-31725 · Unknown · Com.Sdjictec.Qdmetro
Name of the Vulnerable Software and Affected Versions: com.sdjictec.qdmetro version 4.2.2 Description: An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro allows attackers to open a crafted URL without any filtering or checking. Recommendations: For version 4.2.2, consider...
Debian: Security Advisory (DSA-5547-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AZL-31719 CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
UBUNTU-CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
PT-2023-9034 · Unknown +5 · Browserify-Sign +5
Name of the Vulnerable Software and Affected Versions: browserify-sign versions prior to 4.2.2 Description: The issue is related to an upper bound check problem in the dsaVerify function, which allows an attacker to construct signatures that can be successfully verified by any public key. This...
CVE-2023-4475
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...
Privilege escalation
An Improper Privilege Management vulnerability was found in ASUSTOR Data Master ADM allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...
CVE-2023-4475 An Arbitrary File Movement vulnerability was found on the ADM
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...
CVE-2023-2910
Improper neutralization of special elements used in a command 'Command Injection' vulnerability in Printer service functionality in ASUSTOR Data Master ADM allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS...