Lucene search
88 matches found

Positive Technologies
added 2023/03/15 12:0 a.m. · 3 views

PT-2023-2355 · Libde265 +5 · Libde265 +5

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.11 Description: The issue is related to a heap buffer overflow in the derive collocated motion vectors function at motion.cc. This can be exploited by a remote attacker to impact the confidentiality, integrity, and...

CVSS 10 · AI score 7.6 · EPSS 0.00979
Exploits: 6 · References: 60

Positive Technologies
added 2023/02/27 12:0 a.m. · 4 views

PT-2023-3040 · Tenda · Tenda G103

Name of the Vulnerable Software and Affected Versions: Tenda G103 version 1.0.0.5 Description: A command injection issue allows an attacker to execute arbitrary code via the language parameter. This can compromise the integrity, availability, and confidentiality of protected information. The...

CVSS 9.8 · AI score 9.7 · EPSS 0.2293
Exploits: 1 · References: 9

Positive Technologies
added 2023/02/09 12:0 a.m. · 3 views

PT-2023-15682 · Unknown · Ams Module

Name of the Vulnerable Software and Affected Versions: AMS module affected versions not specified Description: The issue is related to a lack of permission verification in APIs, which may impact data confidentiality. Recommendations: At the moment, there is no information about a newer version th...

CVSS 7.5 · AI score 7.2 · EPSS 0.00377
Exploits: 0 · References: 3

BDU FSTEC
added 2022/12/29 12:0 a.m. · 4 views

The software for programming Mitsubishi Electric GX Works3 is vulnerable, allowing an intruder to gain access to the CPU module and the OPC UA server module.

The vulnerability of the software for programming Mitsubishi Electric GX Works3 lies in the storage of information in an open manner. Exploiting this vulnerability can allow a malicious actor to gain access to the CPU module and the OPC UA server module...

CVSS 8.6 · AI score 7.4 · EPSS 0.00802
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2022/12/13 3:15 a.m. · 24 views

CVE-2022-41264

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

CVSS 8.8 · EPSS 0.00855
Exploits: 0 · References: 2

Positive Technologies
added 2022/09/09 12:0 a.m. · 5 views

PT-2022-6098 · Pdfkit · Pdfkit

Name of the Vulnerable Software and Affected Versions: pdfkit versions 0.0.0 through 0.8.7.2 Description: The issue is related to insufficient argument checking in the pdfkit library, which can be exploited by a remote attacker to execute arbitrary commands. This is a Command Injection...

CVSS 9.8 · AI score 9.6 · EPSS 0.38047
Exploits: 11 · References: 40

Positive Technologies
added 2022/09/06 12:0 a.m. · 5 views

PT-2022-4714 · Hewlett Packard · Hp Support Assistant +1

Name of the Vulnerable Software and Affected Versions: HP Support Assistant version 9 Description: The issue is related to a DLL hijacking vulnerability in HP Support Assistant, which uses HP Performance Tune-up as a diagnostic tool. This vulnerability can be exploited by an attacker to elevate...

CVSS 7.8 · AI score 7.3 · EPSS 0.02799
Exploits: 0 · References: 7

OSV
added 2022/07/26 5:15 p.m. · 32 views

RLSA-2022:5726 Important: java-17-openjdk security, bug fix, and enhancement update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-17-openjdk 17.0.4.0.8. BZ2084650 Security Fixes: OpenJDK: integer truncation issue in Xalan-J...

CVSS 7.5 · AI score 7.1 · EPSS 0.17342
Exploits: 2 · References: 11

Rockylinux
added 2022/07/26 5:15 p.m. · 63 views

java-17-openjdk security, bug fix, and enhancement update

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime...

CVSS 7.5 · AI score 7.1 · EPSS 0.17342
Exploits: 2

Positive Technologies
added 2022/05/11 12:0 a.m. · 4 views

PT-2022-20195 · Litespeed · Litespeed Quic

Name of the Vulnerable Software and Affected Versions: LiteSpeed QUIC aka LSQUIC versions prior to 3.1.0 Description: The issue arises from the mishandling of MAX TABLE CAPACITY in liblsquic/lsquic qenc hdl.c. No information is provided about the estimated number of potentially affected devices...

CVSS 9.8 · AI score 9.2 · EPSS 0.03177
Exploits: 0 · References: 8

Positive Technologies
added 2022/03/16 12:0 a.m. · 2 views

PT-2022-4300

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a function kbase jd user buf pin pages in mali kbase mem.c, which is part of the graphics processor driver in Android operating system for Google Pixel devices. It involves an out-of-bounds...

CVSS 7.8 · AI score 6.8 · EPSS 0.00726
Exploits: 0 · References: 18

Positive Technologies
added 2022/02/14 12:0 a.m. · 2 views

PT-2022-13275 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 5.3.9 Description: The issue concerns improper privilege management, allowing a user without access to the supplier module to view supplier content. Recommendations: For versions prior to 5.3.9, update to version...

CVSS 6.5 · AI score 6.3 · EPSS 0.01017
Exploits: 1 · References: 9

UbuntuCve
added 2021/07/20 12:15 a.m. · 18 views

CVE-2021-32773

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...

CVSS 7.5 · AI score 7.2 · EPSS 0.00869
Exploits: 0 · References: 3

Positive Technologies
added 2021/07/12 12:0 a.m. · 4 views

PT-2024-11336 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc7 Description: A vulnerability in the Linux kernel has been resolved, which involved a bad pointer dereference when the ehandler kthread is invalid. The issue occurred when the error handler thread fail...

CVSS 9.8 · AI score 7.5 · EPSS 0.17563
Exploits: 8 · References: 1216

Positive Technologies
added 2021/04/13 12:0 a.m. · 3 views

PT-2021-17539 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 731, 740, 750 Description: The issue allows an attacker to cause a Denial of Service, affecting the Availability of the SAP system by blocking all work processes. This is achieved by calling the SPI WAIT MILLIS...

CVSS 6.5 · AI score 6.6 · EPSS 0.00862
Exploits: 0 · References: 3

Positive Technologies
added 2021/01/12 12:0 a.m. · 2 views

PT-2021-7595 · Unknown +1 · Cgal Libcgal +1

Name of the Vulnerable Software and Affected Versions: CGAL libcgal version 5.1.1 Description: Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code...

CVSS 10 · AI score 9.7 · EPSS 0.03265
Exploits: 42 · References: 111

CNNVD
added 2020/12/16 12:0 a.m. · 3 views

Huawei Imanager Neteco 6000 Information Disclosure Vulnerability

Huawei Imanager Neteco 6000 is a platform from China's Huawei that provides a management approach for data center infrastructure. The platform can implement unified management for medium-sized and large data centers and multiple data centers, and improve resource utilization in data centers by...

CVSS 6.5 · AI score 6.6 · EPSS 0.00622
Exploits: 0 · References: 3

Packet Storm
added 2019/12/06 12:0 a.m. · 233 views

SiteVision 4.x / 5.x Insufficient Module Access Control

SiteVision Insufficient Module Access Control CVE-2019-12734 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12734 https://www.cybercom.com/About-Cybercom/Blogs/Security-Advisories/high-risk-vulnerabilities-in-cms-product/ Summary Attackers may inject non-authorised modules when editing...

AI score 0.8 · EPSS 0.06039
Exploits: 6

Positive Technologies
added 2018/12/19 12:0 a.m. · 2 views

PT-2023-15168 · Unknown +1 · Gpac Mp4Box +1

Name of the Vulnerable Software and Affected Versions: GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b Description: The issue is related to a buffer overflow in the hevc parse vps extension function of media tools/av parsers.c. This function is used for parsing video parameters, and the buffer...

CVSS 9.8 · AI score 7.8 · EPSS 0.04832
Exploits: 150 · References: 371

OSV
added 2016/05/12 2:33 p.m. · 1 views

USN-2974-1 qemu, qemu-kvm vulnerabilities

Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-2391 Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A...

CVSS 9.8 · AI score 7 · EPSS 0.06359
Exploits: 0 · References: 13