1155 matches found

Positive Technologies
added 2024/11/26 12:0 a.m. · 2 views

PT-2024-9480 · Advantech · Advantech Eki-6333Ac-2G +1

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier; Advantech EKI-6333AC-2GD versions 1.6.3 and earlier; Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier. Description: A security issue was discovered in the connection profile apply API, wher...

9 CVSS · 7.6 AI score · 0.01022 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/11/26 12:0 a.m. · 3 views

PT-2024-9479 · Advantech · Advantech Eki-6333Ac-2G +1

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier; Advantech EKI-6333AC-2GD versions 1.6.3 and earlier; Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier. Description: The issue exists due to the lack of neutralization of special elements us...

9 CVSS · 7.3 AI score · 0.01022 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/11/26 12:0 a.m. · 2 views

PT-2024-9484 · Advantech · Eki-6333Ac-2G +1

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier; Advantech EKI-6333AC-2GD versions 1.6.3 and earlier; Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier. Description: A security issue was discovered in the "lan apply" API of Advantech's...

9 CVSS · 7.1 AI score · 0.01022 EPSS
Exploits 0 · References 5
AstraLinux
added 2024/11/23 3:4 a.m. · 2 views

Astra Linux - vulnerability in ghostscript

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name...

8.8 CVSS · 7.5 AI score · 0.00909 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2024/11/22 12:0 a.m. · 22 views

IBM DB2 DoS (7175943) (Windows)

According to its self-reported version number, IBM Db2 on Windows is vulnerable to a denial of service when querying certain tables using a specially crafted statement. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

7.5 CVSS · 7.8 AI score · 0.00696 EPSS
Exploits 0 · References 2
SUSE CVE
added 2024/11/09 3:48 a.m. · 1 views

SUSE CVE-2024-50205

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size(). The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The...

7.1 CVSS · 7.7 AI score · 0.00229 EPSS
Exploits 0 · References 32
OSV
added 2024/11/08 6:15 a.m. · 2 views

AZL-53025 CVE-2024-50205 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size(). The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The...

5.5 CVSS · 6.3 AI score · 0.00229 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/11/08 6:7 a.m. · 1 views

CVE-2024-50205 ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size(). The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The...

7.5 AI score · 0.00229 EPSS
Exploits 0 · References 7
CVE
added 2024/11/07 5:0 p.m. · 89 views

CVE-2024-10965

Vulnerability summary (CVE-2024-10965): EMQX Neuron up to version 2.10.0 is affected by an information disclosure issue in the JSON File Handler, specifically the vulnerable function at /api/v2/schema. Exploitation is possible remotely through manipulation of this endpoint due to an unknown funct...

6.5 CVSS · 4.7 AI score · 0.0047 EPSS
Exploits 1 · References 6 · Affected Software 1
CNNVD
added 2024/11/01 12:0 a.m. · 2 views

TONGDA Office Anywhere SQL injection vulnerability

TONGDA Office Anywhere is a collaborative office automation (OA) system from the Chinese company Tongda. TONGDA Office Anywhere suffers from a SQL injection vulnerability that originates from the mrid parameter of the /pda/meeting/apply.php page...

9.8 CVSS · 7 AI score · 0.00686 EPSS
Exploits 1 · References 4
CISA
added 2024/10/29 12:0 p.m. · 3 views

Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: i...

6.9 AI score
Exploits 0 · References 9
OSV
added 2024/10/21 6:15 p.m. · 2 views

AZL-51083 CVE-2024-49907 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointers before using dc->clkmgr. WHY & HOW: dc->clkmgr is null checked previously in the same function, indicating it might be null. Passing "dc" to "dc->hwss.apply_idle_power_optimizations", which dereferenc...

5.5 CVSS · 6.7 AI score · 0.00243 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/10/10 12:0 a.m. · 4 views

PT-2024-39840 · Unknown · Lylme Spage

Name of the Vulnerable Software and Affected Versions: LyLme spage version 1.9.5. Description: A critical issue affects the processing of the file /admin/apply.php. The manipulation of the id argument leads to SQL injection. The attack can be initiated remotely. Recommendations: For LyLme spage...

7.2 CVSS · 5.9 AI score · 0.00547 EPSS
Exploits 1 · References 9
CISA
added 2024/10/08 12:0 p.m. · 5 views

Adobe Releases Security Updates for Multiple Products

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the...

7.6 AI score
Exploits 0 · References 9
Positive Technologies
added 2024/10/04 12:0 a.m. · 2 views

PT-2024-30613 · Microchip · Timeprovider 4100

Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 through 2.4.7. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. The...

6.1 CVSS · 6.1 AI score · 0.11234 EPSS
Exploits 0 · References 9
Cvelist
added 2024/09/04 3:31 p.m. · 28 views

CVE-2024-8412 LinuxOSsk Shakal-NG views.py redirect

A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is...

5.3 CVSS · 0.00332 EPSS
Exploits 1 · References 6
Packet Storm
added 2024/08/29 12:0 a.m. · 217 views

Task Management System 1.0 Cross Site Request Forgery

Title: Task Management System 1.0 CSRF add staff Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0...

7.4 AI score
Exploits 0
OSV
added 2024/08/26 11:15 a.m. · 1 views

DEBIAN-CVE-2024-43907

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules. Check the pointer value to fix potential null pointer dereference...

5.5 CVSS · 5.5 AI score · 0.00212 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/08/19 12:0 a.m. · 4 views

PT-2024-7268

Name of the Vulnerable Software and Affected Versions: CPython versions prior to 3.13.0. Description: The issue is related to the 'http.cookies' standard library module in CPython. When parsing cookies that contain backslashes for quoted characters in the cookie value, the parser uses an algorithm...

7.8 CVSS · 7.1 AI score · 0.02303 EPSS
Exploits 1 · References 241
OSV
added 2024/08/16 12:15 a.m. · 11 views

OSV-2024-999 Stack-buffer-overflow in filter_apply_chain

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68846 · Crash type: Stack-buffer-overflow READ 4 · Crash state: filter_apply_chain, filter_apply_chain, readin...

7.2 AI score
Exploits 0 · References 1