350 matches found
PT-2024-28308 · Airvertco · Airvertco Frappejs
Name of the Vulnerable Software and Affected Versions: airvertco frappejs version 0.0.11 Description: The issue is related to a prototype pollution vulnerability via the registerView function. This allows attackers to execute arbitrary code or cause a Denial of Service DoS by injecting arbitrary...
PT-2024-4296
Name of the Vulnerable Software and Affected Versions Emacs versions prior to 29.4 Org Mode versions prior to 9.7.5 Description The issue arises from the expansion of a %... link abbrev by the org-link-expand-abbrev function in lisp/ol.el, even when it specifies an unsafe function like...
PT-2024-37356 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problematic issue was found, affecting the swf svg add iso sample function of the src/filters/load text.c file in the MP4Box component. This issue leads to a null pointer dereferenc...
PT-2024-26434 · Libyaml · Libyaml
Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5 Description: The issue is related to a Buffer Overflow vulnerability. It affects the yaml emitter emit function in the /src/libyaml/src/emitter.c file. The manipulation leads to a double-free. Recommendations: For libyam...
PT-2024-4395 · Tenda · Tenda A301
Name of the Vulnerable Software and Affected Versions: Tenda A301 version 15.13.08.12 Description: A critical issue has been identified, classified as critical, affecting the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk crypto leads to a...
PYSEC-2024-236
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...
PT-2024-21857 · Samsung · Exynos 1280 +4
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos 980 Samsung Mobile Processor Exynos 850 Samsung Mobile Processor Exynos 1280 Samsung Mobile Processor Exynos 1380 Samsung Mobile Processor Exynos 1330 Description: An issue was discovered in the function slsi n...
PT-2024-27114 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "admin/vpsClass deal.php?mudi=del". This issue allows for unauthorized requests to be made on behalf of the user. Recommendations: For...
PT-2024-36068 · Unknown · Phpmybackuppro
Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/get file.php" API endpoint, using the view parameter. This could allow an attacker to create ...
PT-2024-8987 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the i2c virtio component in the Linux kernel. If a timeout occurs, it can result in incorrect data on the I2C bus and/or memory corruptions in the guest since t...
PT-2024-25771 · Wasm3 · Wasm3
Name of the Vulnerable Software and Affected Versions: wasm3 version 0.5.0 Description: A global buffer overflow was discovered in wasm3, leading to a segmentation fault. This issue is related to the function PreserveRegisterIfOccupied in wasm3/source/m3 compile.c. Recommendations: For wasm3...
PT-2024-13396
Name of the Vulnerable Software and Affected Versions PyPXE version 1.8.4 Description The issue allows a remote attacker to cause a denial of service via the handle function in the tftp module. Recommendations For PyPXE version 1.8.4, consider disabling the handle function in the tftp module as a...
PT-2024-29521 · Tenda · Tenda 4G300
Name of the Vulnerable Software and Affected Versions: Tenda 4G300 version 1.01.42 Description: A critical issue affects the function sub 429A30. The manipulation of the argument list1 leads to a stack-based buffer overflow. The attack may be initiated remotely. The vendor was contacted about thi...
PT-2024-29496
Name of the Vulnerable Software and Affected Versions Tenda 4G300 version 1.01.42 Description A critical issue was found, affecting the function sub 422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to a stack-based buffer overflow. This issue can be exploited...
PT-2024-22528 · Pdf2Json · Pdf2Json
Name of the Vulnerable Software and Affected Versions: pdf2json version 0.70 Description: A buffer overflow issue allows a local attacker to execute arbitrary code via the GString::copy and ImgOutputDev::ImgOutputDev function. Recommendations: For pdf2json version 0.70, consider disabling the...
PT-2024-3097 · Totolink · Totolink N300Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RT version V2.1.8-B20201030.1539 Description: The issue is related to the lack of protection for the web page structure, allowing a remote attacker to conduct a cross-site scripting XSS attack. This can be exploited in the MAC...
PT-2024-3507 · Huawei · Huawei Matebook D16
Name of the Vulnerable Software and Affected Versions: Huawei Matebook D16 version v2.26 Description: The issue is related to a buffer overflow in the SMRAM memory of Huawei personal computers' UEFI BIOS microprogram, which can allow an attacker to execute arbitrary code in System Management Mode...
PT-2024-3134 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.09 Description: The issue is related to a stack-based buffer overflow in the formSetRebootTimer function of the /goform/SetRebootTimer API endpoint. This can be exploited by manipulating the rebootTime argument,...
PT-2024-3222 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue is related to the class FileTransfer in Brocade SANnav, which uses the ssh-rsa signature scheme with a SHA-1 hash. This could allow a remote,...
PT-2024-2866 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to a remote code execution vulnerability in the NTPSyncWithHost function, specifically via the hostTime parameter. This vulnerability is associated with weaknesses...