1594 matches found
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
Summary The application fails to sanitise inputs properly and renders code from user input in the browser, which allows an attacker to execute malicious JavaScript code. Details A user with the Admin role can edit the Display Name of a device; the application did not properly sanitize the user input i...
Adobe Illustrator Code Issue Vulnerability
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A security vulnerability exists in Adobe Illustrator, which can be exploited by attackers to cause a denial of service in the application...
CVE-2024-39354
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code...
D-Link DSL6740C Security Vulnerability
The D-Link DSL6740C is a wireless VDSL router from China-based D-Link. A security vulnerability exists in the D-Link DSL6740C, which can be exploited by an attacker to modify arbitrary user passwords and later log in to Web, SSH, and Telnet services via certain APIs...
CVE-2024-10573 Mpg123: buffer overflow when writing decoded pcm samples
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...
Maruti Suzuki SmartPlay Security Vulnerability
Maruti Suzuki SmartPlay is an infotainment system from Maruti Suzuki. A security vulnerability exists in Maruti Suzuki SmartPlay version 66T0.05.50. An attacker could exploit the vulnerability to try commonly used or default usernames and passwords...
Cisco Adaptive Security Appliance Security Vulnerability
The Cisco Adaptive Security Appliance is a network appliance from the American company Cisco, Inc. It is used to protect corporate networks and data centers of all sizes. A security vulnerability exists in the Cisco Adaptive Security Appliance that originates from a logic error when establishing ...
The vulnerability of the veth component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the veth component in the Linux operating system’s kernel is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-29821
Ivanti DSM version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector...
PT-2024-38333 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.986 Description: The issue allows authenticated attackers with subscriber-level access and above to extract data from password protected posts vi...
Oracle MySQL Security Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Connectors is one of the drivers for connecting applications that use MySQL. A security vulnerability exists in MySQL Connectors for Oracle MySQL, which can be exploited by an attacker to update,...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details Cross-site scripting...
OESA-2024-2188 uboot-tools security update
This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment. Security Fixes: There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound t...
pcp: pmcd heap corruption through metric pmstore operations
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...
AZL-49656 CVE-2024-45769 affecting package pcp 5.1.1-3
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...
VICIdial Security Vulnerability
VICIdial is a software suite from VICIdial, Inc. designed to interact with the Asterisk open source PBX telephony system as a complete inbound/outbound contact center suite with inbound email support. A security vulnerability exists in VICIdial. An attacker can exploit this vulnerability to execu...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting
Advisory ID: SYSS-2024-021 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...
Security Bulletin: Vulnerability in Go affects watsonx.data
Summary The ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go have an unspecified error that returns an incorrect result which has an unknown impact and attack vector. watsonx.data may be affected by this. Vulnerability Details CVEID: CVE-2023-24532 DESCRIPTION: An unspecified...
Hostel Management System 1.0 Arbitrary File Upload
Title: hostel management system 1.0 arbitrary file upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...
SportsNET SQL Injection Vulnerability
SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...