21 matches found
CVE-2023-43848
Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request...
Linux Distros Unpatched Vulnerability : CVE-2021-43848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain...
Linux Distros Unpatched Vulnerability : CVE-2024-43848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix TTLM teardown work. The worker calculates the wrong sdata pointer, so if ...
CVE-2022-43848
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169...
CVE-2021-43848
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
CVE-2025-43848
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path0 variable takes user input (e.g. a path to a model) and passes it to the change_info function in process_ckpt.py, which uses it to...
CVE-2025-43848 GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path0 variable takes user input (e.g. a path to a model) and passes it to the change_info function in process_ckpt.py, which uses it...
CVE-2025-43848
CVE-2025-43848 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project) up to version 2.2.231006. The flaw is unsafe deserialization in process_ckpt.py: ckpt_path0 accepts user input (e.g., a model path) and passes it to torch.load via change_info, enabling remote code execution. At publicati...
CVE-2024-43848
creationtimestamp| type| source
---|---|---
2024-08-17 13:09:17+00:00| seen| https://t.me/cvedetector/3422...
CVE-2024-43848
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix TTLM teardown work. The worker calculates the wrong sdata pointer, so if it ever runs, it'll crash. Fix that...
CVE-2023-43848
Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request...
CVE-2023-43848
CVE-2023-43848 affects Aten PE6208 firewall management in the web interface. The issue is incorrect access control that lets remote authenticated users alter local firewall settings as if they were an administrator via HTTP POST. Affected versions include 2.3.228 and 2.4.232. Documented impact is...
FreeBSD : h2o -- uninitialised memory access in HTTP3 (1d3677a8-9143-42d8-84a3-0585644dff4b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1d3677a8-9143-42d8-84a3-0585644dff4b advisory. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access...
CVE-2022-43848
CVE-2022-43848 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A non-privileged local user can exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service (availability impact HIGH). The IBM bulletin lists specific APARs and iFixes across kernel, perfstat, pfcdd, NFS, TC...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-43848)
Google Android is a Linux-based open source operating system from Google, Inc. The vulnerability stems from a use-after-free and out-of-bounds write in setClientStateLocked in SurfaceFlinger.cpp. An attacker could use this vulnerability to cause a local privilege escalation...
CVE-2021-43848
creationtimestamp| type| source
---|---|---
2022-02-01 16:26:28+00:00| seen| https://t.me/cibsecurity/36627
2022-02-03 16:34:05+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1471...
CVE-2021-43848 Uninitialized memory access in h2o
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...