868 matches found
CVE-2024-10266
creationtimestamp | type | source
---|---|---
2024-10-29 13:05:54+00:00 | seen | https://t.me/cvedetector/9289...
A vulnerability in the formEasySetTimezone function (/goform/formEasySetTimezone) of the D-Link DIR-619L router software allows an attacker to trigger a service failure.
The vulnerability in the formEasySetTimezone function (/goform/formEasySetTimezone) of the D-Link DIR-619L router software is a buffer copy performed without checking the size of the input data while processing the curTime parameter. Exploiting this vulnerability could allow an attacke...
CVE-2024-9570
A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit...
PT-2024-37925 · WordPress · Event Espresso 4 Decaf
Name of the Vulnerable Software and Affected Versions: Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress versions up to, and including, 5.0.22.decaf Description: The issue is related to a missing capability check on the saveTimezoneString and some other functions,...
PT-2024-24989 · Grandstream · Grandstream Gxp2135
Name of the Vulnerable Software and Affected Versions: Grandstream GXP2135 versions 1.0.9.129 through 1.0.11.79 Description: An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality. A specially crafted network packet can lead to arbitrary command execution. An...
GHSA-4RCH-2FH8-94VW MySQL2 for Node Arbitrary Code Injection
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
mysql2 security vulnerability
MySQL2 is a MySQL client for Node.js by Andrey Sidorov, an individual developer. A security vulnerability exists in mysql2 versions prior to 3.9.7, which stems from improper sanitization of the timezone parameter in the readCodeFor function, allowing arbitrary code injection by calling the native...
PT-2024-6583
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.7 Description: The issue is related to improper sanitization of the timezone parameter in the readCodeFor function, which can lead to Arbitrary Code Injection when calling a native MySQL Server date/time function...
Arbitrary Code Injection
Overview: mysql2 is mostly API-compatible with mysqljs and supports the majority of its features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...
Debian: Security Advisory (DLA-3789-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3789-1] libdatetime-timezone-perl new timezone database
Debian LTS Advisory DLA-3789-1, https://www.debian.org/lts/security/, Emilio Pozuelo Monfort, April 18, 2024, https://wiki.debian.org/LTS ...
DLA-3788-1 tzdata - new timezone database
Bulletin has no description...
Debian dla-3789 : libdatetime-timezone-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3789 advisory. Debian LTS Advisory DLA-3789-1, https://www.debian.org/lts/security/...
CVE-2024-32320
Tenda AC500 V2.0.1.91307 firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function...
PT-2024-24508 · Tenda · Tenda Ac500
Name of the Vulnerable Software and Affected Versions: Tenda AC500 version 2.0.1.91307 Description: The issue is a stack overflow vulnerability that can be exploited via the timeZone parameter in the formSetTimeZone function. This allows for potential unauthorized access or control...
CVE-2024-32320
The CVE describes a stack overflow in Tenda AC500 firmware (version 2.0.1.9(1307)) triggered by the timeZone parameter in the formSetTimeZone function. Affected component: Tenda AC500 device firmware; root cause: improper handling/validation of the timeZone input leading to stack overflow. Impact...