93 matches found

Positive Technologies
added 2024/11/11 12:0 a.m. · 1 view

PT-2024-22701 · Unknown · Mesh Wi-Fi Router Rp562B

Name of the Vulnerable Software and Affected Versions: Mesh Wi-Fi router RP562B versions v1.0.2 and earlier Description: The issue is related to an active debug code vulnerability. If exploited, it allows a network-adjacent authenticated attacker to obtain or alter the device's settings...

4.6 CVSS · 6.8 AI score · 0.00057 EPSS
Exploits 0 · References 6

RedHat Linux
added 2024/09/23 1:53 a.m. · 0 views

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

4.3 CVSS · 7.4 AI score · 0.00081 EPSS
Exploits 0 · References 8

AlpineLinux
added 2024/08/30 4:16 p.m. · 12 views

CVE-2024-8235

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...

6.2 CVSS · 6.2 AI score · 0.00077 EPSS
Exploits 0

Positive Technologies
added 2024/08/27 12:0 a.m. · 1 view

PT-2024-8702 · Bhyve +1 · Bhyve +1

Name of the Vulnerable Software and Affected Versions: bhyve affected versions not specified Description: The issue is related to an insufficient boundary validation in the USB code, which could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privilege...

8.2 CVSS · 7.4 AI score · 0.00112 EPSS
Exploits 0 · References 15

SUSE CVE
added 2024/08/07 2:55 a.m. · 1 view

SUSE CVE-2024-7522

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

7.1 CVSS · 6.7 AI score · 0.00247 EPSS
Exploits 0 · References 8

CNVD
added 2024/07/12 12:0 a.m. · 7 views

Google Android elevation of privilege vulnerability (CNVD-2024-39685)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a flaw in setSkipPrompt in AssociationRequest.java. An attacker can exploit this vulnerability to escalate privileges...

7.8 CVSS · 6.9 AI score · 0.00681 EPSS
Exploits 0 · References 1

CNNVD
added 2024/04/28 12:0 a.m. · 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that there is no check to verify that the number of entries eh-ehentries is non-zero when depth 0...

5.5 CVSS · 6.5 AI score · 0.00012 EPSS
Exploits 0 · References 7

Positive Technologies
added 2023/12/05 12:0 a.m. · 1 view

PT-2023-29197 · Dell · Dell Poweredge +1

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS version 1.4.4 Description: The issue concerns active debug code security vulnerability in the BIOS. An unauthenticated physical attacker could potentially exploit this, leadin...

6.8 CVSS · 6.7 AI score · 0.00053 EPSS
Exploits 0 · References 7

Code423n4
added 2023/08/28 12:0 a.m. · 15 views

Missing balance checks in _reserveTokenSpecified()

Lines of code Vulnerability details Impact By calling depositGivenInputAmount and withdrawGivenOutputAmount which both call 'reserveTokenSpecified', users may potentially create scenarios where the balance ratio allowed for the EvolvedProtocol.sol deployment is violated. POC depositGivenInputAmou...

6.8 AI score
Exploits 0

Cvelist
added 2023/07/25 12:0 a.m. · 13 views

CVE-2020-35698

Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting XSS. The impact is: execute arbitrary code remote. The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attac...

6.1 AI score · 0.00106 EPSS
Exploits 0 · References 1

Code423n4
added 2023/06/09 12:0 a.m. · 12 views

PoolSelector.computePoolAllocationForDeposit could return an unfair value.

Lines of code Vulnerability details Impact When calling StaderStakePoolsManager.validatorBatchDeposit, it calls PoolSelector.computePoolAllocationForDeposit to get the validator count to deposit for the pool. It calculates the count based on the capacity and the weight of the pool. However,...

6.7 AI score
Exploits 0

Tenable Nessus
added 2023/05/14 12:0 a.m. · 96 views

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6071-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6071-1 advisory. It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some...

7.8 CVSS · 7.6 AI score · 0.50619 EPSS
Exploits 17 · References 13

CNNVD
added 2023/03/24 12:0 a.m. · 1 view

Google Pixel security vulnerability

Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that stems from a logic error in the code and possible ID expiration...

5.5 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 4:27 a.m. · 1 view

SUSE CVE-2018-10998

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service SIGABRT by triggering an incorrect Safe::add call...

6.5 CVSS · 7.7 AI score · 0.00915 EPSS
Exploits 1 · References 5

Code423n4
added 2023/01/29 12:0 a.m. · 11 views

Incorrect calculation

Lines of code Vulnerability details Impact On line 119, the result of the conversion is always going to be zero. Therefore, functions that apply onlyDriver modifier will never be executed. Proof of Concept Please deploy the code below to test the modifier's broken implementation. //...

7.1 AI score
Exploits 0

NVD
added 2022/12/22 6:15 p.m. · 7 views

CVE-2022-46101

AyaCMS v3.1.2 was found to have a code flaw in the ustsql.inc.php file, which allows attackers to cause command execution by inserting malicious code...

8.8 CVSS · 0.0115 EPSS
Exploits 1 · References 1

OSV
added 2022/12/22 6:15 p.m. · 1 view

CVE-2022-46101

AyaCMS v3.1.2 was found to have a code flaw in the ustsql.inc.php file, which allows attackers to cause command execution by inserting malicious code...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 1

Prion
added 2022/12/22 6:15 p.m. · 13 views

Code injection

AyaCMS v3.1.2 was found to have a code flaw in the ustsql.inc.php file, which allows attackers to cause command execution by inserting malicious code...

6.5 CVSS · 8.7 AI score · 0.0115 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2022/12/22 12:0 a.m. · 1 view

PT-2022-27738 · Ayacms · Ayacms

Name of the Vulnerable Software and Affected Versions: AyaCMS version 3.1.2 Description: The issue is related to a code flaw in the ust sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. Recommendations: For AyaCMS version 3.1.2, consider restricting...

8.8 CVSS · 8.6 AI score · 0.0115 EPSS
Exploits 1 · References 3

Cvelist
added 2022/12/22 12:0 a.m. · 12 views

CVE-2022-46101

AyaCMS v3.1.2 was found to have a code flaw in the ustsql.inc.php file, which allows attackers to cause command execution by inserting malicious code...

8.9 AI score · 0.0115 EPSS
Exploits 1 · References 1