34 matches found
PT-2025-9700 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 6.7.0 Description: The issue allows for path traversal, which may enable remote code execution using a privileged account, requiring a device admin account. This cannot be performed by a regular user. In combinatio...
PT-2024-10613 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue allows an image with a version lower than the fuse version to potentially be booted, leading to improper authentication. Recommendations: At the moment, there is no information...
PT-2024-40947 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.15.1 Description: The issue concerns the borsh serialization of the HashMap, which did not adhere to the borsh specification. This led to potential non-canonical encodings that depended on the insertion order, an...
PT-2024-22696 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.1.4 Description: The issue arises when a user's session is not invalidated after logout. Upon successful login, the Backend service returns an "Authorization" credential, which can still be used to initiate...
PT-2024-25911 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.1.4 Description: The issue allows a regular user to view everyone's user flink information, including executeSQL and config, after successfully logging in. This is achieved by manually making a request using the...
PT-2024-22784
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.1.4 Description: The issue allows a user to perform a template injection attack, resulting in Remote Code Execution on the server. This can be done after a successful login, making it a moderate-impact issue...
PT-2024-40913 · Softwarex +1 · Softwarex +1
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.9.7 SoftwareX versions prior to 0.10.4 Description: The issue arises from unsafe memory accesses due to the assumption that repr(packed) guarantees a specific field order in structs. However, the Rust specification...
PT-2024-40912 · Softwarex +1 · Softwarex +1
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.9.7 SoftwareX versions prior to 0.10.3 Description: The issue arises from unsafe memory accesses due to the assumption that repr(packed) guarantees a specific field order in structs. However, the Rust specification...
PT-2024-40380 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 3.1.14 Description: The issue arises during installation, where certain parameters admin username and admin password are not properly escaped in the setup form. Recommendations: For versions prior to 3.1.14, update...
PT-2024-41049 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.29 Description: The issue concerns the execution of commands with multi-line clipboard text, including "| sh". Recommendations: For versions prior to 0.29, update to version 0.29 to resolve the issue...
PT-2024-22631 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: A SQL injection issue exists in the script Handler CFG.ashx. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2024-14563 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue concerns a vulnerability of permission verification in the content sharing pop-up module. Successful exploitation of this issue may cause unauthorized file sharing...
PT-2024-15312 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to a missing permission check in the applyCustomDescription function of SaveUi.java, allowing potential local information disclosure with user execution privileges...
PT-2024-12854 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to a confused deputy in the applyCustomDescription function of SaveUi.java, allowing an attacker to view other users' images. This could lead to local information...
PT-2024-40452 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.33.1 Description: The issue arises when a node receives a block with a timestamp more than 15 seconds ahead of its local time, potentially leading to the block being marked as invalid and the peer being banned. T...
PT-2023-28579 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to the cookie session ID being of insufficient length, making it vulnerable to brute force attacks. This could allow a remote attacker to obtain a valid session, bypa...
PT-2023-27297 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to a cross-site scripting vulnerability, which could allow an attacker to access the web application and introduce arbitrary JavaScript by injecting an XSS payload in...
PT-2023-28893
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 7.10 Description: The issue arises from the implementation of deriveVaultKey, which generates a vault key with the last 16 bytes predetermined to be "arfoobarfoobarfo". This occurs because deriveVaultKey calls...
PT-2023-27928 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2023.01.14.325 Description: The issue allows SQL Injection through the sort parameter of the "/index.php" endpoint. Recommendations: For versions prior to 2023.01.14.325, consider disabling the sort parameter in th...
PT-2023-20644 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to the integrated OAuth Authorization Service, where functions with insufficient randomness were used to generate authorization tokens. This made authorization codes...