1436 matches found
Code Issue Vulnerability in Multiple Qualcomm Products
The Qualcomm QCA6574AU and others are products of Qualcomm Incorporated (Qualcomm), U.S.A. The QCA6574AU is a central processing unit (CPU) product. The SD 636 is a central processing unit (CPU) product. The SDM630 is a central processing unit (CPU) product. The SDM630 is a central processing unit CPU...
Monstra CMS Code Issue Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) from the Ukrainian personal developer Sergey Romanenko. A code issue vulnerability exists in Monstra CMS v3.0.4, which could be exploited by attackers to execute arbitrary web scripts or HTML...
SuiteLink Server Code Issue Vulnerability
Aveva Group SuiteLink Server is a communication server from Aveva Group, a UK-based company. A code issue vulnerability exists in SuiteLink server that stems from the product's mishandling of command 0x01...
WordPress Plugin Code Issue Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin, which stems from a user-supplied URL request value being invoked by a curl request, making the Telefication plugin susceptible to open proxies and server-side request...
Libxsmm Buffer Error Vulnerability
Libxsmm is a library for specialized dense and sparse matrix operations as well as deep learning primitives (e.g., small convolutions). A security vulnerability exists in libxsmm that stems from JIT code having a heap-based buffer overflow...
ownCloud Code Issue Vulnerability
ownCloud is a personal cloud storage solution from the American company ownCloud. A code issue vulnerability exists in ownCloud that arises from improper design or implementation during code development of a networked system or product...
SAP Business One Code Issue Vulnerability
SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One has a code issue vulnerability that stems from insufficient validation when uploading files, which could be exploited to upload any file...
Linux Kernel Code Issue Vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by local attackers to cause a denial of service situation...
Nexus Control Panel Code Issue Vulnerability
Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. A code download without integrity check vulnerability exists in Nexus Control Panel versions prior to 7.2.5.7. The vulnerability stems from no file validation during the upload of an update. No details of the...
Code Issue Vulnerability in Multiple Qualcomm Products
A Qualcomm chip is a chip from Qualcomm Incorporated, USA. A chip is a way to miniaturize circuits (mainly semiconductor devices, but also passive components, etc.) and is often manufactured on the surface of semiconductor wafers. A code issue vulnerability exists in Qualcomm chips that stems fr...
IBM Sterling Partner Engagement Manager Code Issue Vulnerability
IBM Sterling Partner Engagement Manager is an automated management tool from IBM USA. A code issue vulnerability exists in IBM Sterling Partner Engagement Manager. A remote attacker could exploit the vulnerability to execute arbitrary code on the system by sending specially designed data...
MELSEC-F FX3U-ENET Code Issue Vulnerability
MELSEC-F FX3U-ENET is an Ethernet interface block from Mitsubishi Electric. A code issue vulnerability exists in the MELSEC-F FX3U-ENET. The vulnerability arises from an improper design or implementation during code development for a network system or product...
CVE-2021-23405
CVE-2021-23405 affects pimcore/pimcore before 10.0.7. Multiple connected sources confirm an SQL injection caused by missing validation on the storeId parameter in ClassificationstoreController’s collectionsActionGet and groupsActionGet. Impact is high (CVSSv3.1: 8.8) with network access and no us...
Mitsubishi Electric Air Conditioning Systems Code Issue Vulnerability
Mitsubishi Electric Air Conditioning Systems is an air conditioning system from Mitsubishi Electric, a Japanese company. Mitsubishi Electric Air Conditioning Systems has a code issue vulnerability that stems from a flaw in the product's authorization mechanism...
ThinkJS Code Issue Vulnerability
ThinkJS is a JavaScript-based and ES2015-enabled codebase for developing Node applications organized by ThinkJS. A code issue vulnerability exists in ThinkJS's think-helper, which stems from the component accepting input from upper-level groups for object initialization and modification without...
Panasonic FPWIN Pro Code Issue Vulnerability
Panasonic FPWIN Pro is a controller programming software from Panasonic Corporation Japan. A code issue vulnerability exists in Panasonic FPWIN Pro 7.5.1.1 and earlier versions, which can be exploited by an attacker to disclose information that is accessible within the context of the user executi...
WordPress Themify Code Issue Vulnerability
WordPress Themify is an application plugin that provides the ability to build any WordPress site faster and easier. A code issue vulnerability exists in Elemin prior to Themify 1.2.2 that allows remote attackers to upload and execute arbitrary PHP code via Themify framework wp-content theme Elemin Themify...
Wrong calculation on _collectRentAction
Handle adelamo Vulnerability details Impact The method collectRentAction contains the following code: ... else if !foreclosed && limitHit && marketLocked // CASE 4 // didn't foreclose AND // did hit time limit AND // did lock market // THEN refund rent between the earliest event and now if...
in hascheksolutions/pictshare
BUG ========== sha1 comparison bypass DETAILS ============= There is vulnerable code which can bypass file sha1 hash checking bypass function sha1Exists($sha1) $handle = fopen(ROOT.DS.'data'.DS.'sha1.csv', "r"); if ($handle) while (($line = fgets($handle)) !== false) if(substr($line,0,40)==$sha1) return...
CVE-2021-3588
The cli_feat_read_cb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...