70 matches found
PT-2025-2594 · Ibm · Ibm Sterling B2B Integrator
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 IBM Sterling B2B Integrator versions 6.2.0.0 through 6.2.0.3 Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended...
PT-2025-2780 · Unknown · Graphics Ddk
Name of the Vulnerable Software and Affected Versions: Graphics DDK version = 24.2 RTM2 Description: The kernel software installed and running inside a guest virtual machine VM can send improper commands to the GPU firmware, allowing it to read data outside the guest's virtualized GPU memory. Thi...
PT-2024-10475 · Gstreamer +10 · Gstreamer +10
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to an integer overflow in the memory reallocation process. The program attempts to reallocate memory to accommodate a certain number of elements, but if the value read from...
PT-2024-16394 · Safenet · Esafenet Cdg 5
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5 Description: A critical vulnerability has been found in ESAFENET CDG 5, affecting the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to SQL...
PT-2024-39322 · WordPress · Zita Elementor Site Library
Name of the Vulnerable Software and Affected Versions: Zita Elementor Site Library plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allow...
PT-2024-4654 · Tibco · Spotfire For Aws Marketplace +2
Name of the Vulnerable Software and Affected Versions: Spotfire Analyst versions 12.0.9 through 12.5.0 Spotfire Analyst versions 14.0 through 14.0.2 Spotfire Server versions 12.0.10 through 12.5.0 Spotfire Server versions 14.0 through 14.0.3 Spotfire Server versions 14.2.0 through 14.3.0 Spotfire...
PT-2024-23416
Name of the Vulnerable Software and Affected Versions Metagauss ProfileGrid versions through 5.7.8 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...
PT-2024-22630 · WordPress · Wp-Lister Lite For Amazon
Name of the Vulnerable Software and Affected Versions: WP-Lister Lite for Amazon versions 2.6.11 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables potential...
PT-2024-2599 · Tenda · Tenda Ac7
Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A critical vulnerability was found in the function formQuickIndex of the file /goform/QuickIndex, which can be exploited remotely. The manipulation of the argument PPPOEPassword leads to a stack-base...
PT-2024-19058 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.2.6 Description: The issue is related to insufficient validation of administrator-provided data for the Name field of a Group type, allowing a rogue administrator to inject malicious code, which might be...
PT-2024-15628 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the add to wishlist function...
Return value of ETH
Lines of code Vulnerability details Impact It is recommended that the return values of ether transfers be checked, however if transfer to the hardcoded address fails, it does not revert. Proof of Concept uint256 sc = uint256uint1600x0000000000000000000000000000000000000000; assembly "memory-safe"...
Calculating the previous pool's 'cumulativeRewardFactor' from the current pool incorrectly calculates the reward.
Lines of code Vulnerability details Impact When we updated a transcoder with rewards and then try to update a transcoder with fees, it incorrectly calculates the reward generated in the current round for that transcoder, which also incorrectly calculates the previous pool's cumulativeRewardFactor...
PT-2023-15659 · WordPress · Wp Tiles
Name of the Vulnerable Software and Affected Versions: WP Tiles WordPress plugin versions 1.1.2 and earlier Description: The issue concerns the WP Tiles WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...
Snap One Wattbox WB-300-IP-3
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Snap One Equipment: Wattbox WB-300-IP -3 Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Heap-based Buffer Overflow, Plaintext Storage of a Password, Insufficient Verificatio...
hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715
A flaw was found in hw. The speculative execution window of AMD LFENCE/JMP mitigation MITIGATION V2-2 may be large enough to be exploited on AMD CPUs...
RHEL 7 : kernel-rt (RHSA-2023:0400)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0400 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Elastic Stack 7.17.4 and 8.2.1 Security Update
Elastic Stack update for CVE-2022-21449 Java vulnerability in Elliptic Curve Digital Signature Algorithm ECDSA ESA-2022-06 A vulnerability CVE-2022-21449 affecting the implementation of Elliptic Curve Digital Signing Algorithm ECDSA based signatures verification in Java JDK versions 15 and later...
hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715
A flaw was found in hw. The speculative execution window of AMD LFENCE/JMP mitigation MITIGATION V2-2 may be large enough to be exploited on AMD CPUs...
hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715
A flaw was found in hw. The speculative execution window of AMD LFENCE/JMP mitigation MITIGATION V2-2 may be large enough to be exploited on AMD CPUs...