
67 matches found

Debian CVE
added 2025/04/27 12:0 a.m. · 12 views

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 7.8 · AI score 6.2 · EPSS 0.00069
Exploits: 1

Debian CVE
added 2025/02/26 2:11 a.m. · 7 views

CVE-2022-49366

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smb_check_perm_dacl(). The issue happens in a specific path in smb_check_perm_dacl(). When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference...

CVSS 5.5 · AI score 5.4 · EPSS 0.00143
Exploits: 0

OSV
added 2025/01/22 6:15 a.m. · 3 views

CVE-2024-12879

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qcwplatestupdatecheckpro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 7.3 · EPSS 0.00188
Exploits: 0 · References: 2

Cvelist
added 2025/01/08 5:49 p.m. · 8 views

CVE-2024-56778 drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check. The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure...

EPSS 0.00013
Exploits: 0 · References: 5

Snyk
added 2024/11/08 5:43 p.m. · 2 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management via the check_wasi_abi_compatibility function. Remediation: There is no fixed version for wasm-micro-runtime. References: GitHub Commit, GitHub Gist, GitHub Issue, GitHub PR. Credit: Ziyi Guo...

CVSS 8.8 · AI score 7 · EPSS 0.01112
Exploits: 1 · References: 2

OSV
added 2024/05/16 4:15 p.m. · 2 views

DEBIAN-CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

CVSS 5.3 · AI score 6.7 · EPSS 0.00092
Exploits: 0 · References: 1

Snyk
added 2024/05/06 3:40 p.m. · 1 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the wasm_loader_check_br function. An attacker can trigger a crash on the affected application. Remediation: Upgrade wasm-micro-runtime to version 1.3.3 or higher. References: GitHub Commit, GitHub Issue...

CVSS 6.2 · AI score 7 · EPSS 0.00118
Exploits: 1 · References: 2

BDU FSTEC
added 2024/03/11 12:0 a.m. · 0 views

The vulnerability of the rsa_check_exponent_fips() function in the crypto/rsa.c module of the Linux operating system’s RSA implementation allows a hacker to compromise the accessibility of the protected information.

The vulnerability of the rsa_check_exponent_fips() function in the crypto/rsa.c module of the Linux operating system’s RSA implementation is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to compromise the accessibility of the protected information...

CVSS 5.5 · EPSS 0.00015
Exploits: 0 · References: 21 · Affected Software: 2

Positive Technologies
added 2024/01/15 12:0 a.m. · 2 views

PT-2024-1576

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.0 through 3.1. Description: The issue is related to the function EVP_PKEY_public_check in the OpenSSL library, which can lead to a Denial of Service (DoS) attack when checking excessively long invalid RSA public keys. This can...

CVSS 9.1 · AI score 7.2 · EPSS 0.91789
Exploits: 3 · References: 238

CNNVD
added 2024/01/15 12:0 a.m. · 1 views

OpenSSL Security Vulnerabilities

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 5.9 · AI score 7.6 · EPSS 0.00944
Exploits: 0 · References: 6

OSV
added 2024/01/15 12:0 a.m. · 0 views

UBUNTU-CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

CVSS 5.9 · AI score 6.7 · EPSS 0.00944
Exploits: 0 · References: 5

BDU FSTEC
added 2023/11/11 12:0 a.m. · 0 views

The vulnerability of the X509_check function in the OpenConnect client allows a hacker to gain access to confidential data.

The vulnerability of the X509_check function in the OpenConnect client involves deficiencies in handling exceptional states. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data...

CVSS 7.1 · EPSS 0.00171
Exploits: 0 · References: 8 · Affected Software: 3

NVD
added 2023/10/03 9:15 p.m. · 10 views

CVE-2023-33269

An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection blind...

CVSS 9.8 · AI score 9.7 · EPSS 0.0124
Exploits: 1 · References: 1

Prion
added 2023/10/03 9:15 p.m. · 16 views

Command injection

An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection blind...

CVSS 7.5 · AI score 9.6 · EPSS 0.01141
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2023/10/03 12:0 a.m. · 1 views

DTS Monitoring Operating System Command Injection Vulnerability

DTS Monitoring is an information system monitoring platform from DTS Corporation. An operating system command injection vulnerability exists in DTS Monitoring version 3.57.0, which stems from the url parameter in the WGET check function being susceptible to operating system command injection...

CVSS 9.8 · AI score 7.5 · EPSS 0.01141
Exploits: 1 · References: 2

CVE
added 2023/10/03 12:0 a.m. · 46 views

CVE-2023-33270

CVE-2023-33270 affects DTS Monitoring 3.57.0. The issue is a blind OS command injection in the url parameter of the Curl check function, enabling arbitrary command execution with high impact (C/H/I/H) per the CVSS 3.1 vector. Connected sources confirm the vulnerable component and root cause but d...

CVSS 9.8 · AI score 9.6 · EPSS 0.01141
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2023/10/03 12:0 a.m. · 11 views

CVE-2023-33273

An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection blind...

AI score 9.9 · EPSS 0.01141
Exploits: 1 · References: 1

Positive Technologies
added 2023/10/03 12:0 a.m. · 2 views

PT-2023-24258 · Unknown · Dts Monitoring

Name of the Vulnerable Software and Affected Versions: DTS Monitoring version 3.57.0 Description: An issue was discovered in the software where the url parameter within the WGET check function is vulnerable to OS command injection, specifically blind command injection. This means an attacker coul...

CVSS 9.8 · AI score 9.6 · EPSS 0.01141
Exploits: 1 · References: 3

Positive Technologies
added 2023/10/03 12:0 a.m. · 2 views

PT-2023-24253 · Unknown · Dts Monitoring

Name of the Vulnerable Software and Affected Versions: DTS Monitoring version 3.57.0 Description: An issue was discovered in the parameter options within the WGET check function, which is vulnerable to OS command injection blind. Recommendations: For DTS Monitoring version 3.57.0, consider...

CVSS 9.8 · AI score 9.7 · EPSS 0.0124
Exploits: 1 · References: 4

Cvelist
added 2023/10/03 12:0 a.m. · 11 views

CVE-2023-33270

An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection blind...

AI score 9.9 · EPSS 0.01141
Exploits: 1 · References: 1