523 matches found

Positive Technologies
added 2024/01/13 12:0 a.m. · 4 views

PT-2024-1562 · D Link · D-Link Go-Rt-Ac750

Name of the Vulnerable Software and Affected Versions: D-LINK Go-RT-AC750 version v101b03 Description: The issue is related to the sprintf function in the sub 40E700 function within the cgibin, which is susceptible to stack overflow. This can potentially allow a remote attacker to execute arbitra...

CVSS 10 · AI score 7.9 · EPSS 0.01035
Exploits 1 · References 7

Positive Technologies
added 2024/01/11 12:0 a.m. · 2 views

PT-2024-1552 · Vinchin · Vinchin Backup & Recovery

Name of the Vulnerable Software and Affected Versions: Vinchin Backup & Recovery version 7.2 Description: The issue is related to an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. This vulnerability can be exploited by sending specially crafted POST...

CVSS 9 · AI score 8.9 · EPSS 0.03859
Exploits 4 · References 14

Positive Technologies
added 2024/01/10 12:0 a.m. · 3 views

PT-2024-13632 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A cross-site scripting (XSS) vulnerability exists in the function getOpenGraph videoName functionality. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a us...

CVSS 9.6 · AI score 6.6 · EPSS 0.17352
Exploits 1 · References 4

Positive Technologies
added 2024/01/09 12:0 a.m. · 2 views

PT-2024-13534 · Freeimage +1 · Freeimage +1

Name of the Vulnerable Software and Affected Versions: Freeimage version 3.18.0 Description: An integer overflow vulnerability in the LoadPixelDataRLE4 function in PluginBMP.cpp allows attackers to obtain sensitive information, cause a denial of service, and/or run arbitrary code. Recommendations...

CVSS 8.8 · AI score 8.8 · EPSS 0.00185
Exploits 1 · References 12

Positive Technologies
added 2024/01/04 12:0 a.m. · 2 views

PT-2024-6072 · FFmpeg +4 · Ffmpeg +4

Name of the Vulnerable Software and Affected Versions: FFmpeg version n6.1 Description: The issue is related to a heap buffer overflow vulnerability in the draw block rectangle function of libavfilter/vf codecview.c. This allows attackers to cause undefined behavior or a Denial of Service (DoS) via...

CVSS 9.8 · AI score 6.4 · EPSS 0.00351
Exploits 7 · References 101

Positive Technologies
added 2024/01/02 12:0 a.m. · 4 views

PT-2024-2670 · Yasm +2 · Yasm +2

Name of the Vulnerable Software and Affected Versions: YASM version 1.3.0.86.g9def Description: The issue in YASM is related to the expand mmac params function, which is associated with an uncontrolled consumption of resources. Exploitation of this issue may allow an attacker to cause a denial of...

CVSS 5.5 · AI score 4.8 · EPSS 0.0067
Exploits 5 · References 18

Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-32907 · Gopeak · Gopeak Masterlab

Name of the Vulnerable Software and Affected Versions: gopeak MasterLab versions up to 3.3.10 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the function sqlInjectDelete of the file app/ctrl/framework/Feature.php. The manipulation o...

CVSS 9.8 · AI score 7 · EPSS 0.00111
Exploits 0 · References 7

Positive Technologies
added 2023/12/26 12:0 a.m. · 2 views

PT-2023-31764 · Tenda · Tenda W9

Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456 CN Description: A command injection issue was discovered via the formGetDiagnoseInfo function. Recommendations: For Tenda W9 version 1.0.0.74456 CN, consider disabling the formGetDiagnoseInfo function until a patc...

CVSS 9.8 · AI score 9.8 · EPSS 0.02043
Exploits 1 · References 4

Positive Technologies
added 2023/12/26 12:0 a.m. · 3 views

PT-2023-8314 · Tenda · Tenda W9

Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456 CN Description: The issue is related to a stack overflow vulnerability in the formSetUplinkInfo function of the Tenda W9 wireless access point's firmware, allowing an attacker to execute arbitrary code remotely by...

CVSS 10 · AI score 9.8 · EPSS 0.00131
Exploits 1 · References 7

Positive Technologies
added 2023/12/20 12:0 a.m. · 2 views

PT-2023-8317 · Tenda · Tenda I29

Name of the Vulnerable Software and Affected Versions: Tenda i29 version 1.0 V1.0.0.5 Description: The issue is related to a buffer overflow in the sysTimeInfoSet function, which can be triggered via the time parameter. This can potentially allow a remote attacker to execute arbitrary code...

CVSS 9.8 · AI score 9.8 · EPSS 0.00121
Exploits 1 · References 8

Positive Technologies
added 2023/12/11 12:0 a.m. · 3 views

PT-2023-31215 · Totolink · Totolink A7000R

Name of the Vulnerable Software and Affected Versions: TOTOLink A7000R version 9.1.0u.6115 B20201022 Description: The issue is a stack overflow vulnerability. It can be exploited via the setIpPortFilterRules function. Recommendations: For TOTOLink A7000R version 9.1.0u.6115 B20201022, as a...

CVSS 9.8 · AI score 9.5 · EPSS 0.00121
Exploits 1 · References 3

Positive Technologies
added 2023/12/09 12:0 a.m. · 3 views

PT-2023-32528 · WordPress · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress versions up to, and including, 2.9.6 Description: The issue allows administrators to upload .pem or .crt files to arbitrary locations on the server via the upload certificate file function, making it...

CVSS 4.1 · AI score 5.4 · EPSS 0.00125
Exploits 0 · References 8

Positive Technologies
added 2023/12/07 12:0 a.m. · 2 views

PT-2023-31452 · Tenda · Tenda W30E

Name of the Vulnerable Software and Affected Versions: Tenda W30E version 16.01.0.124843 Description: A stack overflow issue was discovered via the function formUpgradeMeshOnline. Recommendations: For Tenda W30E version 16.01.0.124843, consider disabling the formUpgradeMeshOnline function until a...

CVSS 9.8 · AI score 9.6 · EPSS 0.00278
Exploits 1 · References 3

Positive Technologies
added 2023/12/07 12:0 a.m. · 4 views

PT-2023-30983 · Unknown · Appointment Scheduler

Name of the Vulnerable Software and Affected Versions: Appointment Scheduler version 3.0 Description: A lack of rate limiting in pjActionAjaxSend allows attackers to cause resource exhaustion. There is no information provided about the estimated number of potentially affected devices worldwide or...

CVSS 7.5 · AI score 7.4 · EPSS 0.00144
Exploits 2 · References 5

Positive Technologies
added 2023/12/03 12:0 a.m. · 3 views

PT-2023-7930 · Tinydir +1 · Tinydir +1

Name of the Vulnerable Software and Affected Versions: TinyDir versions prior to 1.2.6 Description: The issue is related to buffer overflows in the tinydir file open function, which can be exploited by a remote attacker to execute arbitrary code. TinyDir is a lightweight C directory and file...

CVSS 10 · AI score 9.6 · EPSS 0.02487
Exploits 3 · References 26

Positive Technologies
added 2023/11/29 12:0 a.m. · 2 views

PT-2023-8877 · Openlink +4 · Openlink Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.11 Description: The issue is related to the box mpy function in openlink virtuoso-opensource, which allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. This is due to...

CVSS 8.8 · AI score 6.5 · EPSS 0.00154
Exploits 14 · References 65

Positive Technologies
added 2023/11/29 12:0 a.m. · 2 views

PT-2023-8880 · Openlink +4 · Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: virtuoso-opensource version 7.2.11 Description: The issue is related to insufficient input processing in the box col len function, which can be exploited by a remote attacker to cause a Denial of Service (DoS) after running a SELECT statement...

CVSS 8.8 · AI score 6.5 · EPSS 0.00154
Exploits 14 · References 63

Positive Technologies
added 2023/11/29 12:0 a.m. · 2 views

PT-2023-31017 · Openlink +1 · Openlink Virtuoso-Opensource +1

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.11 Description: An issue in the box deserialize reusing function allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. Recommendations: For openlink virtuoso-opensource...

CVSS 7.5 · AI score 6.6 · EPSS 0.00108
Exploits 1 · References 12

Positive Technologies
added 2023/11/23 12:0 a.m. · 2 views

PT-2023-8648 · Libde265 +4 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.14 Description: The issue is related to a heap-buffer-overflow vulnerability in the derive combined bipredictive merging candidates function at motion.cc. This vulnerability may allow a remote attacker to impact the...

CVSS 10 · AI score 7.4 · EPSS 0.0051
Exploits 7 · References 64

Positive Technologies
added 2023/11/23 12:0 a.m. · 2 views

PT-2023-8649 · Libde265 +4 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.14 Description: The issue is related to a global buffer overflow vulnerability in the read coding unit function at slice.cc. This vulnerability may allow a remote attacker to impact the confidentiality, integrity, and...

CVSS 10 · AI score 7.7 · EPSS 0.0051
Exploits 7 · References 66