517 matches found
PT-2024-20227 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue allows an attacker to construct a malicious payload to bypass the protection mechanism of jshERP via the com.jsh.erp.controller.DepotHeadController and the findallocationDetail function of...
PT-2024-3069 · Uamqp +2 · Uamqp +2
Name of the Vulnerable Software and Affected Versions: uAMQP affected versions not specified Description: The issue is related to the open_get_offered_capabilities function in the uAMQP library, which is a general-purpose C library for AMQP 1.0. A memory allocation failure during this function ca...
PT-2024-6392
Name of the Vulnerable Software and Affected Versions: gpac version 2.2.1 Description: The issue is related to a memory leak in the gf_fileio_from_blob function, specifically via the gfio_blob variable. This can be exploited by a remote attacker to cause a denial of service. The memory leak is du...
PT-2024-6390 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: gpac version 2.2.1 Description: The issue is related to a memory leak in the gf_filter_pid_merge_properties_internal function, specifically via the dst_props variable. This can be exploited by a remote attacker to cause a denial of service. T...
PT-2024-6391 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC version 2.2.1 Description: The issue is related to a Use-After-Free (UAF) vulnerability in the dasher_configure_pid function. This vulnerability can be exploited by a remote attacker to cause a denial of service. The dasher_configure_pid...
PT-2024-20329 · Unknown · Mediaserver
Name of the Vulnerable Software and Affected Versions: media-server version 1.0.0 Description: The issue is related to a Use-After-Free (UAF) vulnerability. This vulnerability occurs when the sip_subscribe_remove function is used. The UAF vulnerability is a type of memory corruption bug that can...
PT-2024-17381 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 6.0.3 Description: A critical vulnerability was found in the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to...
PT-2024-1317 · Totolink · Totolink N200Re
Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216 Description: A critical issue has been found in the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi, where the manipulation of the argument lang leads to a stack-based buffer overflow. Th...
PT-2024-1312 · Tenda · Tenda I6
Name of the Vulnerable Software and Affected Versions: Tenda i6 version 1.0.0.93857 Description: A critical issue was found in the formSetAutoPing function of the httpd component, specifically in the file /goform/setAutoPing. The manipulation of the ping1 argument leads to a stack-based buffer...
PT-2024-15940 · Unknown · Flink-Extended Ai-Flow +1
Name of the Vulnerable Software and Affected Versions: flink-extended ai-flow version 0.3.1 Description: A critical issue has been found, affecting the function cloudpickle.loads of the file ai flowclicommandsworkflow command.py. This issue leads to deserialization and can be exploited remotely...
PT-2024-1372 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10U versions 15.03.06.49 multi TDE01 Description: The issue is related to a buffer overflow vulnerability in the fromAddressNat function of the Tenda AC10U router's firmware. This vulnerability can be exploited remotely, potentially...
PT-2024-14369 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: An issue in TOTOLINK X6000R allows attackers to run arbitrary commands via the sub_41284C function. Recommendations: For TOTOLINK X6000R version 9.4.0cu.852 B20230719, consider...
PT-2024-11023 · Unknown · Contiki-Ng Tinydtls
Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS through master branch 53a0d97 Description: An assertion failure in the check_certificate_request function allows attackers to cause a denial of service. This issue affects Contiki-NG tinyDTLS, enabling attackers to exploit...
PT-2024-15795 · Mldong · Mldong
Name of the Vulnerable Software and Affected Versions: mldong version 1.0 Description: A critical issue has been found in mldong, affecting the ExpressionEngine function of the file com/mldong/modules/wf/engine/model/DecisionModel.java. This issue leads to code injection and can be initiated...
PT-2024-1253 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue has been identified, affecting the setDiagnosisCfg function of the /cgi-bin/cstecgi.cgi file. The manipulation of the ip argument leads to a stack-based buffer...
PT-2024-1461 · Tenda · Tenda W9
Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456 Description: The issue is related to a critical vulnerability in the setWrlBasicInfo function of the httpd component. This vulnerability allows for a stack-based buffer overflow due to the manipulation of the...
PT-2024-1562 · D Link · D-Link Go-Rt-Ac750
Name of the Vulnerable Software and Affected Versions: D-LINK Go-RT-AC750 version v101b03 Description: The issue is related to the sprintf function in the sub_40E700 function within the cgibin, which is susceptible to stack overflow. This can potentially allow a remote attacker to execute arbitra...
PT-2024-1552 · Vinchin · Vinchin Backup & Recovery
Name of the Vulnerable Software and Affected Versions: Vinchin Backup & Recovery version 7.2 Description: The issue is related to an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. This vulnerability can be exploited by sending specially crafted POST...
PT-2024-13632 · Wwbn · Wwbn Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A cross-site scripting (XSS) vulnerability exists in the function getOpenGraph videoName functionality. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a us...
PT-2024-13534 · Freeimage +1 · Freeimage +1
Name of the Vulnerable Software and Affected Versions: Freeimage version 3.18.0 Description: An integer overflow vulnerability in the LoadPixelDataRLE4 function in PluginBMP.cpp allows attackers to obtain sensitive information, cause a denial of service, and/or run arbitrary code. Recommendations...