PT-2023-5085 · Milesight · Milesight Ur32L
Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by a buffer overflow vulnerability in the handle interface acl function of the vtysh ubus binary, due to the use of an unsafe sprintf pattern. This can be triggered by a...
PT-2023-4241 · Tenda · Tenda F1203 +5
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 2.0 V15.03.06.23; Tenda AC7 version 1.0 V15.03.06.44; Tenda F1203 version 2.0.1.6; Tenda AC5 version 1.0 V15.03.06.28; Tenda FH1203 version 2.0.1.6; Tenda AC9 version 3.0 V15.03.06.42 multi; Tenda FH1205 version 2.0.0.7775...
PT-2023-12517 · WordPress · Elasticpress
Name of the Vulnerable Software and Affected Versions: ElasticPress plugin for WordPress versions up to, and including, 3.5.3 Description: The issue is due to missing or incorrect nonce validation on the epio send autosuggest allowed function, making it possible for unauthenticated attackers to...
PT-2023-4826 · Libtiff +7 · Libtiff +7
Name of the Vulnerable Software and Affected Versions: libtiff version 4.5.0 Description: The issue is caused by a buffer overflow on the stack in the uv encode function of the LibTIFF library. This can occur when the library reads a corrupted little-endian TIFF file and specifies the output to b...
PT-2023-23747 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: mccms versions up to 2.6.5 Description: A critical issue has been found, affecting the pic save function of the file sys/apps/controllers/admin/Comic.php. The manipulation of the pic argument leads to server-side request forgery, which can be...
PT-2023-3751 · Tp Link · Tp-Link Ec-70
Name of the Vulnerable Software and Affected Versions: TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 Description: The issue is related to a buffer overflow in the tpsocket base64 decode function of the TP-Link EC-70 camera's firmware. This buffer overflow can be exploited by a remo...
PT-2024-20949 · Imlib2 +1 · Imlib2 +1
Name of the Vulnerable Software and Affected Versions: imlib2 version 1.9.1 Description: An issue in the imlib load image with error return function allows attackers to cause a heap buffer overflow via parsing a crafted image. Recommendations: For imlib2 version 1.9.1, consider disabling the imli...
PT-2023-24436 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.17.2 Description: A use-after-free issue exists due to improper data tracing. This can be triggered by calling the function nni mqtt msg get publish property in the file mqtt msg.c, potentially allowing an attacker to cause a...
PT-2023-24403 · Unknown · Imperial Cms
Name of the Vulnerable Software and Affected Versions: Imperial CMS version 7.5 Description: The issue allows for arbitrary file deletion via the DelspReFile function in the /sp/ListSp.php API endpoint. Attackers can exploit this by sending a crafted POST request to the vulnerable endpoint...
PT-2023-10294 · Unknown · Realfavicongenerator Favicon Plugin
Name of the Vulnerable Software and Affected Versions: RealFaviconGenerator Favicon Plugin versions up to 1.2.12 Description: A problematic vulnerability has been found in the RealFaviconGenerator Favicon Plugin, affecting the install new favicon function of the file...
PT-2023-24438 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.17.2 Description: A heap buffer overflow issue exists, which can be triggered by calling the function nmq subinfo decode in the file mqtt parser.c. This can be exploited to cause a denial of service attack. Recommendations: F...
PT-2023-23072 · Code Projects · Agro-School Management System
Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue has been found in the system. The doUpdateQuestion function of the file btn functions.php is affected. The manipulation of the question id argument leads to...
PT-2023-4212 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions prior to V16.03.34.06 Description: The issue is related to a buffer overflow in the fromSetWifiGusetBasic function of the Tenda AC8 router's firmware. This could allow a remote attacker to cause a denial of service. The...
PT-2023-10826 · Sea75300 · Fanpress Cm
Name of the Vulnerable Software and Affected Versions: sea75300 FanPress CM versions up to 3.6.3 Description: A vulnerability was found in the Template Preview component, specifically affecting the getArticlesPreview function of the file inc/controller/action/system/templatepreview.php. This issu...
PT-2023-24379 · Unknown +1 · Erofs-Utils +1
Name of the Vulnerable Software and Affected Versions: erofs-utils version 1.6 Description: The issue is related to a Heap Buffer Overflow in the erofsfsck dirent iter function in fsck/main.c. This allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...
PT-2023-21929 · Unknown · Twister Antivirus
Name of the Vulnerable Software and Affected Versions: Twister Antivirus version 8 Description: A problematic issue has been found in the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library...
PT-2023-24498 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting (XSS) issue exists in the Create Contact Roles function, specifically at the /tenancy/contact-roles/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by...
PT-2023-24490 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting (XSS) issue exists in the Create Tenant Groups function, specifically at the /tenancy/tenant-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by...
PT-2023-28311 · Unknown +2 · Openimageio +2
Name of the Vulnerable Software and Affected Versions: OpenImageIO oiio version 2.4.12.0 Description: The issue allows a remote attacker to execute arbitrary code and cause a denial of service via the read subimage data function. Recommendations: For OpenImageIO oiio version 2.4.12.0, consider...
PT-2023-22532 · Cesanta · Cesanta Mjs
Name of the Vulnerable Software and Affected Versions: Cesanta MJS version 1.26 Description: A Buffer Overflow issue allows a local attacker to cause a denial of service via the mjs mk string function in mjs.c. This issue can be exploited to disrupt service. Recommendations: For Cesanta MJS versi...