275 matches found
PT-2024-32335 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.0 Mattermost versions 9.5.x through 9.5.8 Description: The issue arises from the failure to validate that the message of a permalink post is a string, allowing an attacker to send a non-string value as...
DEBIAN-CVE-2023-52915
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035i2cmasterxfer In af9035i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally...
CVE-2024-6003 Guangdong Baolun Electronics IP Network Broadcasting Service Platform maps sql injection
A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...
CVE-2024-6003
CVE-2024-6003 affects Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. The vulnerability is in an unknown function of the file /api/v2/maps, caused by manipulation of the argument orderColumn that leads to SQL injection . It can be exploited remotely, and the exploit has...
Guangdong Baolun Electronics IP Network Broadcasting Service Platform SQL Injection Vulnerability
Guangdong Baolun Electronics IP Network Broadcasting Service Platform is an electronic IP network broadcasting service platform of Guangdong Baolun Electronics, China. A SQL injection vulnerability exists in the Guangdong Baolun Electronics IP Network Broadcasting Service Platform version 2.0,...
kernel: media: dvbdev: Fix memory leak in dvb_media_device_free()
A flaw was found in the Linux kernel. A missing memory release in the dvbmediadevicefree function in the drivers/media/dvb-core/dvbdev.c file can result in a memory leak...
kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c
An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisatusb2state state-buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure...
CVE-2023-52839
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: 444.364395...
UBUNTU-CVE-2023-52839
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: 444.364395...
CLSA-2024-1713791075 Fix of 12 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23307 - md/raid5: fix atomicity violation in raid5cachecount CVE-url: https://ubuntu.com/security/CVE-2021-46932 - Input: appletouch - initialize work before device registration CVE-url: https://ubuntu.com/security/CVE-2021-46936 - net: fix...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference Vulnerability
Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page:...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass Vulnerability
Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables...
CVE-2024-31680
CVE-2024-31680 affects Shibang Communications Co., Ltd. IP network intercom broadcasting system version 1.0. The vulnerability is a file upload flaw in the my_parser.php component, enabling a local attacker to execute arbitrary code. The available documents consistently describe this risk as a lo...
CVE-2024-31680
File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the myparser.php component...
CVE-2024-31680
File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the myparser.php component...
CVE-2024-3218 Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal
A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondatacallee/jsondataimagename leads to path traversal: '../filedir...
CVE-2024-3218 Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal
A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondatacallee/jsondataimagename leads to path traversal: '../filedir...
CVE-2024-3218
The CVE-2024-3218 entry affects Shibang Communications IP Network Intercom Broadcasting System v1.0, specifically the /php/busyscreenshotpush.php endpoint. The vulnerability arises from path traversal via manipulation of jsondata[callee]/jsondata[imagename] to escalate outside the intended direct...
kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible
A potential deadlock flaw was found in the Linux’s kernel DVB API used by Digital TV devices functionality. This flaw allows a local user to crash the system...
BIT-MATTERMOST-2023-48732
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...