2424 matches found

SUSE CVE
added 2023/02/15 3:38 a.m. · 2 views

SUSE CVE-2021-38373

In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...

5.3 CVSS · 5.4 AI score · 0.00527 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:27 a.m. · 6 views

SUSE CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8 CVSS · 8.3 AI score · 0.00645 EPSS
Exploits: 0 · References: 18

SUSE CVE
added 2023/02/15 3:27 a.m. · 1 views

SUSE CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8 CVSS · 8.3 AI score · 0.00615 EPSS
Exploits: 0 · References: 18

SUSE CVE
added 2023/02/15 3:27 a.m. · 2 views

SUSE CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8 CVSS · 8.3 AI score · 0.00645 EPSS
Exploits: 0 · References: 18

Vulnrichment
added 2023/01/26 12:0 a.m. · 5 views

CVE-2022-40719

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpdgeneric.lua plugin for the xupnpd service, which...

8.8 CVSS · 7.5 AI score · 0.0087 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/01/24 12:0 a.m. · 2 views

PT-2023-19075 · Unknown +1 · Opensearch +1

Name of the Vulnerable Software and Affected Versions: OpenSearch versions 1.0.0 through 1.3.7 OpenSearch versions 2.0.0 through 2.4.1 Description: There is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly exclude fields are not...

8.8 CVSS · 7.9 AI score · 0.00821 EPSS
Exploits: 0 · References: 12

Vulnrichment
added 2023/01/20 6:19 p.m. · 3 views

CVE-2023-22458 Integer overflow in multiple Redis commands can lead to denial-of-service

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...

5.5 CVSS · 5.7 AI score · 0.69355 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2023/01/20 12:0 a.m. · 2 views

PT-2023-4833 · D Link · D-Link Dap-2622

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. The specific flaw exists within the DDP service, resulti...

8.8 CVSS · 8.8 AI score · 0.00855 EPSS
Exploits: 0 · References: 8

OSV
added 2023/01/11 10:15 p.m. · 1 views

CVE-2017-16325

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

9.9 CVSS · 6.4 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/11 12:0 a.m. · 3 views

PT-2023-2018 · Tp Link · Tp-Link Archer Ax21

Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX21 affected versions not specified Description: The issue is caused by a stack-based buffer overflow in the tdpServer service of TP-Link Archer AX21 routers. This allows a remote attacker to execute arbitrary code on...

8.3 CVSS · 8 AI score · 0.00738 EPSS
Exploits: 0 · References: 7

NVD
added 2023/01/06 5:15 p.m. · 21 views

CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

8.8 CVSS · 8.9 AI score · 0.64354 EPSS
Exploits: 5 · References: 5

Vulnrichment
added 2023/01/06 12:0 a.m. · 6 views

CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

7.3 AI score · 0.64354 EPSS
Exploits: 5 · References: 5

Cvelist
added 2023/01/06 12:0 a.m. · 29 views

CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

9.2 AI score · 0.64354 EPSS
Exploits: 5 · References: 5

Positive Technologies
added 2023/01/06 12:0 a.m. · 4 views

PT-2023-3459 · Western Digital · Western Digital My Cloud Os 5

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud OS 5 versions prior to 5.26.300 Description: The issue is related to a post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices. This could allow an attacker to execute code ...

6.8 CVSS · 8 AI score · 0.01108 EPSS
Exploits: 0 · References: 9

OSV
added 2023/01/05 7:15 a.m. · 2 views

CVE-2022-43520

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities...

8.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/04 12:0 a.m. · 6 views

PT-2023-14431

Name of the Vulnerable Software and Affected Versions: Nexxt Amp300 ARN02304U8 version 42.103.1.5095 Nexxt Amp300 ARN02304U8 version 80.103.2.5045 Description: The web service on Nexxt Amp300 ARN02304U8 devices allows remote OS command execution by placing in the JSON host field to the "ping"...

8.8 CVSS · 9.2 AI score · 0.64354 EPSS
Exploits: 5 · References: 16

RedHat Linux
added 2022/12/06 10:3 a.m. · 3 views

dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets

A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash when receiving a message with specific invalid type signatures...

6.5 CVSS · 6.7 AI score · 0.00831 EPSS
Exploits: 1 · References: 4

CNNVD
added 2022/11/23 12:0 a.m. · 4 views

TOTOLINK LR350 Buffer Error Vulnerability

TOTOLINK LR350 is a 4G LTE router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. A buffer overflow vulnerability exists in the TOTOLINK LR350. The vulnerability stems from a buffer overflow after authentication via the...

8.8 CVSS · 8.4 AI score · 0.0211 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2022/11/22 12:0 a.m. · 3 views

PT-2022-24064 · Maarch Rm · Maarch Rm

Name of the Vulnerable Software and Affected Versions: Maarch RM version 2.8.3 Description: The issue concerns a broken access control vulnerability. When accessing specific documents, such as PDFs or emails, from an archive, the application proposes a preview. This preview generates a URL that...

5.3 CVSS · 7.5 AI score · 0.00531 EPSS
Exploits: 0 · References: 6

Zero Day Initiative
added 2022/11/21 12:0 a.m. · 24 views

ManageEngine ServiceDesk Plus getAsDoc XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getAsDoc function. Due to the improper restriction of XML External...

5.5 CVSS · 2.6 AI score · 0.03456 EPSS
Exploits: 0 · References: 1