
517 matches found

Positive Technologies
added 2022/06/28 12:0 a.m. · 4 views

PT-2022-10337 · Zephyr · Zephyr

Name of the Vulnerable Software and Affected Versions: Zephyr versions = v2.5.0 Description: A stack-based buffer overflow issue exists in the le_ecred_conn_req function. This issue is related to a stack-based buffer overflow, which can be exploited. Recommendations: For Zephyr versions = v2.5.0,...

7.8 CVSS · 8.1 AI score · 0.00121 EPSS
Exploits 0 · References 5

Positive Technologies
added 2022/06/28 12:0 a.m. · 3 views

PT-2022-11429 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.8.1 through 4.10.9 Description: The issue is related to a quadratic blowup in the Convert::xml2array function, which can be exploited via a crafted XML document to enable a remote attack...

6.5 CVSS · 6.2 AI score · 0.00348 EPSS
Exploits 0 · References 12

Positive Technologies
added 2022/06/03 12:0 a.m. · 2 views

PT-2022-11729 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215 Description: The issue concerns a remote command injection vulnerability. It is located in the setDeviceMac function of the global.so file, allowing control over the deviceName to launch an attack...

9.8 CVSS · 9.7 AI score · 0.21785 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/05/26 12:0 a.m. · 1 views

PT-2022-3038 · Ntfs-3G +9 · Ntfs-3G +9

Name of the Vulnerable Software and Affected Versions: NTFS-3G versions through 2021.8.22 Description: A crafted NTFS image can cause a heap-based buffer overflow in the ntfs_check_log_client_array function. This issue is related to the NTFS file system for the FUSE NTFS-3G module and is associat...

7.8 CVSS · 7.6 AI score · 0.0065 EPSS
Exploits 1 · References 129

Positive Technologies
added 2022/05/18 12:0 a.m. · 2 views

PT-2022-9838 · Xpdf +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: xpdf version 4.03 Description: The issue is related to a Null Pointer Dereference in the XFAScanner::scanNode function, located in XFAScanner.cc. This problem can lead to potential crashes or other unintended behavior when the function is...

7.8 CVSS · 6.3 AI score · 0.71973 EPSS
Exploits 5 · References 29

Positive Technologies
added 2022/04/06 12:0 a.m. · 1 views

PT-2022-2680 · Pjsip +2 · Pjsip +2

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.12 and prior Description: The issue is related to the implementation of the pjmedia_rtcp_fb_parse_rpsi function in the PJSIP multimedia communication library. It is associated with a buffer overflow in memory when processing ...

10 CVSS · 8.9 AI score · 0.01612 EPSS
Exploits 2 · References 67

Positive Technologies
added 2022/03/24 12:0 a.m. · 1 views

PT-2022-18802 · Htmldoc +3 · Htmldoc +3

Name of the Vulnerable Software and Affected Versions: htmldoc version 31f7804 Description: A flaw was found in htmldoc, where a heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). Recommendations: For htmldoc version...

10 CVSS · 7.5 AI score · 0.00405 EPSS
Exploits 11 · References 54

Positive Technologies
added 2022/03/18 12:0 a.m. · 1 views

PT-2022-17287 · Tenda · Tenda Ac9

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: The issue is related to multiple stack overflows that can occur via the NPTR, V12, V10, and V11 parameters in the Formsetqosband function. This can potentially lead to exploitation. Recommendations: F...

10 CVSS · 9.3 AI score · 0.00422 EPSS
Exploits 1 · References 3

Positive Technologies
added 2022/03/15 12:0 a.m. · 2 views

PT-2022-3854 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730 TOTOLINK A810R version 4.1.2cu.5182 B20201026 TOTOLINK A830R version 5.9c.4729 B20191112 TOTOLINK A3000RU version 5.9c.5185 B20201128 TOTOLINK A3100R version 4.1.2cu.5050 B20200504 TOTOLINK A950RG...

9.8 CVSS · 10 AI score · 0.12415 EPSS
Exploits 1 · References 11

Positive Technologies
added 2022/03/15 12:0 a.m. · 1 views

PT-2022-1373 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel (affected versions not specified) Description: The issue is related to an integer overflow in the rndis_set_response function of the rndis.c file, which could lead to a local escalation of privilege. This can occur if a...

4.9 CVSS · 4.4 AI score · 0.0005 EPSS
Exploits 0 · References 21

Positive Technologies
added 2022/03/15 12:0 a.m. · 3 views

PT-2022-17727 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: Totolink X5000R Firmware version 9.1.0u.6118 B20201102 Description: The issue is related to a command injection vulnerability in the setNtpCfg function, specifically via the tz parameters. This allows attackers to execute arbitrary commands b...

9.8 CVSS · 9.9 AI score · 0.31512 EPSS
Exploits 1 · References 3

Positive Technologies
added 2022/02/18 12:0 a.m. · 1 views

PT-2022-17218 · Unknown · Rigoblock Dragos

Name of the Vulnerable Software and Affected Versions: RigoBlock Dragos through 2022-02-17 Description: The issue is related to the lack of the onlyOwner modifier for setMultipleAllowances, which enables token manipulation. This has been exploited in the wild in February 2022. A major protocol...

7.5 CVSS · 7.3 AI score · 0.00364 EPSS
Exploits 1 · References 8

Positive Technologies
added 2022/02/17 12:0 a.m. · 1 views

PT-2022-7204 · Unknown +2 · Stb Image.H +2

Name of the Vulnerable Software and Affected Versions: stb_image.h version 2.27 Description: The issue is related to an integer overflow in the stbi__jpeg_decode_block_prog_dc function, which can be exploited by attackers to cause a Denial of Service (DoS) via unspecified vectors. This can allow a...

8.8 CVSS · 6.1 AI score · 0.01147 EPSS
Exploits 5 · References 65

Positive Technologies
added 2022/02/14 12:0 a.m. · 2 views

PT-2022-1945 · Tp Link · Tp-Link Tl-Wr840N

Name of the Vulnerable Software and Affected Versions: TP-LINK TL-WR840NES version V6.20 180709 Description: The issue is related to a remote code execution vulnerability via the function oal_wan6_setIpAddr. This vulnerability is associated with the lack of neutralization of special elements when...

9.8 CVSS · 9.6 AI score · 0.63105 EPSS
Exploits 3 · References 8

Positive Technologies
added 2022/02/04 12:0 a.m. · 1 views

PT-2022-12382 · Totolink · Totolink A720R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.470 B20200911 Description: A stack overflow was discovered in the setWiFiWpsStart function, allowing attackers to cause a Denial of Service (DoS) via the pin parameter. Recommendations: For TOTOLINK A720R version...

9.8 CVSS · 9.5 AI score · 0.00557 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/01/21 12:0 a.m. · 3 views

PT-2022-7549 · Hdf5 +2 · Hdf5 +2

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.13.1-1 Description: The issue is related to an untrusted pointer dereference vulnerability in the function H5O dtype decode helper at hdf5/src/H5Odtype.c in the HDF5 library. This vulnerability can lead to a Denial of Service D...

7.8 CVSS · 7.6 AI score · 0.00277 EPSS
Exploits 1 · References 16

Positive Technologies
added 2022/01/14 12:0 a.m. · 1 views

PT-2022-12507 · Gnu +3 · Gnu Recutils +3

Name of the Vulnerable Software and Affected Versions: GNU Recutils version 1.8.90 Description: The issue is related to a Use-After-Free vulnerability in the rec_record_destroy function at rec-record.c. This vulnerability can lead to a segmentation fault or application crash. Recommendations: Fo...

8.8 CVSS · 6.6 AI score · 0.00236 EPSS
Exploits 13 · References 44

Positive Technologies
added 2022/01/14 12:0 a.m. · 1 views

PT-2022-12508 · Gnu +3 · Gnu Recutils +3

Name of the Vulnerable Software and Affected Versions: GNU Recutils version 1.8.90 Description: The issue is related to a Use-After-Free vulnerability in the rec_mset_elem_destroy function at rec-mset.c. This vulnerability can lead to a segmentation fault or application crash. Recommendations: F...

8.8 CVSS · 6.6 AI score · 0.00236 EPSS
Exploits 13 · References 44

Positive Technologies
added 2022/01/14 12:0 a.m. · 6 views

PT-2022-12393 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 1.1.0 Description: The issue is related to an invalid call in the gf_node_changed function, which can lead to a Denial of Service (DoS). Recommendations: For GPAC version 1.1.0, consider disabling the gf_node_changed function as a...

9.8 CVSS · 7.2 AI score · 0.01461 EPSS
Exploits 98 · References 239

Positive Technologies
added 2022/01/06 12:0 a.m. · 1 views

PT-2022-12524 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A Pointer Dereference Vulnerability exists in the gf_list_count function, which causes a Denial of Service. Recommendations: For GPAC version 1.0.1, consider disabling the gf_list_count function as a temporary...

9.8 CVSS · 7.4 AI score · 0.01461 EPSS
Exploits 98 · References 240