Lucene search

6680 matches found

NVD
added 2024/03/05 12:15 p.m. | 13 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2...

CVSS 5.3 | AI score 5.3 | EPSS 0.00487
Exploits: 0 | References: 1

Prion
added 2024/03/05 12:15 p.m. | 13 views

Design/Logic Flaw

A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version...

CVSS 4.3 | AI score 7 | EPSS 0.00217
Exploits: 0 | References: 1

CVE
added 2024/03/05 11:33 a.m. | 56 views

CVE-2023-45598

Summary: CVE-2023-45598 affects AiLux imx6 bundle prior to version imx6_1.0.7-2, via a vulnerability in the web application’s “measure” functionality. The root cause is a CWE-425 Direct Request (Forced Browsing)/Missing Authorization, allowing a remote unauthenticated attacker to access confident...

CVSS 5.3 | AI score 5.3 | EPSS 0.00487
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/03/05 11:33 a.m. | 14 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2...

CVSS 5.3 | AI score 5.3 | EPSS 0.00487
Exploits: 0 | References: 1

NVD
added 2024/03/05 12:15 a.m. | 10 views

CVE-2024-25164

A Path Traversal vulnerability exists in iDURAR v2.0.0 that allows unauthenticated attackers to expose sensitive files via the download functionality...

CVSS 7.5 | AI score 6.5 | EPSS 0.00869
Exploits: 1 | References: 2

Prion
added 2024/03/05 12:15 a.m. | 21 views

Path traversal

A Path Traversal vulnerability exists in iDURAR v2.0.0 that allows unauthenticated attackers to expose sensitive files via the download functionality...

AI score 6.7 | EPSS 0.00869
Exploits: 1 | References: 2

Positive Technologies
added 2024/03/05 12:00 a.m. | 2 views

PT-2024-1976 · Vmware · Vmware Esxi +3

Name of the Vulnerable Software and Affected Versions: VMware ESXi (affected versions not specified); VMware Workstation (affected versions not specified); VMware Fusion (affected versions not specified); VMware Cloud Foundation (affected versions not specified). Description: The issue is related to an...

CVSS 8.2 | AI score 8.1 | EPSS 0.00501
Exploits: 0 | References: 30

Cvelist
added 2024/03/05 12:00 a.m. | 15 views

CVE-2024-27626

A Reflected Cross-Site Scripting XSS vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...

AI score 5.6 | EPSS 0.00429
Exploits: 0 | References: 1

OSV
added 2024/03/04 10:15 p.m. | 3 views

CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 3

OSV
added 2024/03/04 7:15 p.m. | 4 views

CVE-2021-47108

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf. In commit 41ca9caaae0b "drm/mediatek: hdmi: Add check for CEA modes only" a check for CEA modes was added to function mtk_hdmi_bridge_mode_valid in order to address...

CVSS 5.5 | AI score 7.3
Exploits: 0 | References: 2

Prion
added 2024/03/04 7:15 p.m. | 12 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf. In commit 41ca9caaae0b "drm/mediatek: hdmi: Add check for CEA modes only" a check for CEA modes was added to function mtk_hdmi_bridge_mode_valid in order to address...

AI score 7.3 | EPSS 0.00196
Exploits: 0 | References: 2

Vulnrichment
added 2024/03/04 12:00 a.m. | 13 views

CVE-2024-25164

A Path Traversal vulnerability exists in iDURAR v2.0.0 that allows unauthenticated attackers to expose sensitive files via the download functionality...

AI score 6.8 | EPSS 0.00869
Exploits: 1 | References: 2

Cvelist
added 2024/03/04 12:00 a.m. | 17 views

CVE-2024-25164

A Path Traversal vulnerability exists in iDURAR v2.0.0 that allows unauthenticated attackers to expose sensitive files via the download functionality...

AI score 6.7 | EPSS 0.00869
Exploits: 1 | References: 2

Vulnrichment
added 2024/02/29 5:43 a.m. | 21 views

CVE-2023-52477 usb: hub: Guard against accesses to uninitialized BOS descriptors

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors. Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...

AI score 6.5 | EPSS 0.00233
Exploits: 0 | References: 8

NVD
added 2024/02/29 1:43 a.m. | 11 views

CVE-2024-1288

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 4.2 | EPSS 0.00431
Exploits: 0 | References: 3

OSV
added 2024/02/29 1:43 a.m. | 16 views

CVE-2024-1128

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student...

CVSS 3.5 | AI score 6.2 | EPSS 0.00506
Exploits: 0 | References: 2

CNNVD
added 2024/02/29 12:00 a.m. | 3 views

WordPress Plugin Tutor LMS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 | AI score 6.5 | EPSS 0.00375
Exploits: 0 | References: 3

Talos
added 2024/02/29 12:00 a.m. | 28 views

NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2023-1849: NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability. February 29, 2024. CVE Number: CVE-2024-0071. Summary: An out-of-bounds read vulnerability exists in the Shader functionality of NVIDIA D3D10 Driver, Version 546.01, 31.0.15.4601. A...

CVSS 7.8 | AI score 7.5 | EPSS 0.00381
Exploits: 0

Zero Day Initiative
added 2024/02/28 12:00 a.m. | 18 views

NI FlexLogger TagHistorian Missing Authorization Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TagHistorian...

CVSS 7.8 | AI score 7.8 | EPSS 0.00274
Exploits: 1 | References: 1

Zero Day Initiative
added 2024/02/28 12:00 a.m. | 20 views

NI FlexLogger DocumentManager Missing Authorization Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DocumentManager...

CVSS 7.8 | AI score 7.8 | EPSS 0.00274
Exploits: 1 | References: 1