Lucene search
K

275 matches found

Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.13 views

PT-2024-32335 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.0 Mattermost versions 9.5.x through 9.5.8 Description: The issue arises from the failure to validate that the message of a permalink post is a string, allowing an attacker to send a non-string value as...

9.9CVSS6.5AI score0.97781EPSS
Exploits21References142
OSV
OSV
added 2024/09/06 9:15 a.m.2 views

DEBIAN-CVE-2023-52915

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035i2cmasterxfer In af9035i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally...

5.5CVSS5.4AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/14 9:31 p.m.20 views

CVE-2024-6003 Guangdong Baolun Electronics IP Network Broadcasting Service Platform maps sql injection

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.5CVSS7.5AI score0.00526EPSS
Exploits0References4
CVE
CVE
added 2024/06/14 9:31 p.m.81 views

CVE-2024-6003

CVE-2024-6003 affects Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. The vulnerability is in an unknown function of the file /api/v2/maps, caused by manipulation of the argument orderColumn that leads to SQL injection . It can be exploited remotely, and the exploit has...

7.5CVSS7.5AI score0.00526EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.5 views

Guangdong Baolun Electronics IP Network Broadcasting Service Platform SQL Injection Vulnerability

Guangdong Baolun Electronics IP Network Broadcasting Service Platform is an electronic IP network broadcasting service platform of Guangdong Baolun Electronics, China. A SQL injection vulnerability exists in the Guangdong Baolun Electronics IP Network Broadcasting Service Platform version 2.0,...

7.5CVSS8AI score0.00526EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/05 10:5 a.m.4 views

kernel: media: dvbdev: Fix memory leak in dvb_media_device_free()

A flaw was found in the Linux kernel. A missing memory release in the dvbmediadevicefree function in the drivers/media/dvb-core/dvbdev.c file can result in a memory leak...

5.5CVSS6.6AI score0.00242EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/22 10:3 a.m.7 views

kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c

An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisatusb2state state-buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure...

10CVSS6.8AI score0.07619EPSS
Exploits0References4
NVD
NVD
added 2024/05/21 4:15 p.m.31 views

CVE-2023-52839

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: 444.364395...

3.3CVSS6.3AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2024/05/21 4:15 p.m.6 views

UBUNTU-CVE-2023-52839

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: 444.364395...

3.3CVSS5.7AI score0.00209EPSS
Exploits0References5
OSV
OSV
added 2024/04/22 1:4 p.m.4 views

CLSA-2024-1713791075 Fix of 12 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23307 - md/raid5: fix atomicity violation in raid5cachecount CVE-url: https://ubuntu.com/security/CVE-2021-46932 - Input: appletouch - initialize work before device registration CVE-url: https://ubuntu.com/security/CVE-2021-46936 - net: fix...

7.8CVSS6.9AI score0.0094EPSS
Exploits0References1
0day.today
0day.today
added 2024/04/22 12:0 a.m.247 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference Vulnerability

Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page:...

7.5AI score
Exploits0
0day.today
0day.today
added 2024/04/22 12:0 a.m.255 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass Vulnerability

Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables...

7.7AI score
Exploits0
CVE
CVE
added 2024/04/16 12:0 a.m.60 views

CVE-2024-31680

CVE-2024-31680 affects Shibang Communications Co., Ltd. IP network intercom broadcasting system version 1.0. The vulnerability is a file upload flaw in the my_parser.php component, enabling a local attacker to execute arbitrary code. The available documents consistently describe this risk as a lo...

8.8CVSS7.5AI score0.0079EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.13 views

CVE-2024-31680

File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the myparser.php component...

8.7AI score0.0079EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.28 views

CVE-2024-31680

File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the myparser.php component...

7.4AI score0.0079EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/02 11:31 p.m.12 views

CVE-2024-3218 Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal

A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondatacallee/jsondataimagename leads to path traversal: '../filedir...

5.5CVSS6.9AI score0.00651EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/02 11:31 p.m.25 views

CVE-2024-3218 Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal

A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondatacallee/jsondataimagename leads to path traversal: '../filedir...

5.5CVSS5.9AI score0.00651EPSS
Exploits0References4
CVE
CVE
added 2024/04/02 11:31 p.m.48 views

CVE-2024-3218

The CVE-2024-3218 entry affects Shibang Communications IP Network Intercom Broadcasting System v1.0, specifically the /php/busyscreenshotpush.php endpoint. The vulnerability arises from path traversal via manipulation of jsondata[callee]/jsondata[imagename] to escalate outside the intended direct...

5.5CVSS5.6AI score0.00651EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/03/19 5:43 p.m.3 views

kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible

A potential deadlock flaw was found in the Linux’s kernel DVB API used by Digital TV devices functionality. This flaw allows a local user to crash the system...

5.5CVSS7.1AI score0.00413EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:58 a.m.23 views

BIT-MATTERMOST-2023-48732

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...

4.3CVSS4.1AI score0.00459EPSS
Exploits0References2
Rows per page
Query Builder