
115 matches found

CNVD
added 2023/12/22 12:0 a.m. · 14 views

Tenda i29 sysScheduleRebootSet Method Command Execution Vulnerability

The Tenda i29 is a wireless router from the Chinese company Tenda. The Tenda i29 suffers from a command execution vulnerability that stems from the sysScheduleRebootSet method failing to properly filter construct command special characters, commands, etc. The vulnerability can be exploited to cau...

CVSS 9.8 · AI score 7.2 · EPSS 0.01237
Exploits: 1 · References: 1

CNVD
added 2023/12/22 12:0 a.m. · 15 views

Tenda i29 pingSet Method Command Execution Vulnerability

The Tenda i29 is a wireless router from the Chinese company Tenda. The Tenda i29 suffers from a command execution vulnerability that stems from the pingSet method failing to properly filter construct command special characters, commands, etc. The vulnerability can be exploited to cause arbitrary...

CVSS 9.8 · AI score 7.4 · EPSS 0.01237
Exploits: 1 · References: 1

RedHat Linux
added 2023/11/07 9:3 a.m. · 1 view

kernel: drm: amd: display: Fix memory leakage

A memory leak flaw was found in the Linux kernel's AMD display driver in the display context construction logic. A local user can trigger this issue during AMD GPU initialization when the dcconstructctx function fails to release allocated memory in error paths. This results in permanent memory...

CVSS 5.5 · AI score 7.2 · EPSS 0.00017
Exploits: 0 · References: 5

Positive Technologies
added 2023/11/07 12:0 a.m. · 1 view

PT-2025-40768

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Alma Linux affected versions not specified SberLinux kernel affected versions not specified Description The Linux kernel contains a flaw related to memory management within the AMD display driver...

CVSS 7.8 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 440

CNVD
added 2023/07/03 12:0 a.m. · 14 views

D-Link DIR-823G Command Execution Vulnerability (CNVD-2023-65130)

The D-Link DIR-823G is a wireless router from China's AUO D-Link. A command execution vulnerability exists in the D-Link DIR-823G version 1.02B05, which stems from the application failing to properly filter construct command special characters, commands, etc. An attacker can exploit this...

CVSS 9.8 · AI score 7.7 · EPSS 0.63549
Exploits: 1 · References: 1

Veracode
added 2023/06/21 4:1 a.m. · 20 views

Overly Permissive Trust Policies

aws-cdk is vulnerable to Overly Permissive Trust Policies. The vulnerability exists because the library's CreationRole and the default MastersRole use the account root principal in their trust policy, which allows eks.Cluster and eks.FargateCluster construct clusters to create two roles that have...

CVSS 8.8 · AI score 6.8 · EPSS 0.00065
Exploits: 1 · References: 7 · Affected Software: 2

CNVD
added 2023/05/13 12:0 a.m. · 20 views

Tenda AC23 Command Injection Vulnerability

Tenda AC23 is a dual-band Gigabit wireless router from Tenda China. Tenda AC23 suffers from a command injection vulnerability, which stems from the parameter v2 of the file /bin/ate failing to correctly filter construct command special characters, commands, etc. An attacker can exploit this...

CVSS 8.8 · AI score 7.6 · EPSS 0.17845
Exploits: 1 · References: 1

OSV
added 2023/04/24 10:15 p.m. · 0 views

CVE-2023-30410

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecmaopfunctionconstruct at /operations/ecma-function-object.c...

CVSS 5.5 · AI score 6.1
Exploits: 0 · References: 1

OSV
added 2023/04/24 10:15 p.m. · 0 views

UBUNTU-CVE-2023-30410

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecmaopfunctionconstruct at /operations/ecma-function-object.c...

CVSS 5.5 · AI score 5.8 · EPSS 0.00047
Exploits: 1 · References: 3

Positive Technologies
added 2023/04/24 12:0 a.m. · 2 views

PT-2023-22680 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version 1a2c047 Description: A stack overflow issue was discovered in the ecma op function construct component at /operations/ecma-function-object.c. This issue affects the functionality of the software, potentially leading to a...

CVSS 5.5 · AI score 5.5 · EPSS 0.00047
Exploits: 1 · References: 7

Vulnrichment
added 2023/04/24 12:0 a.m. · 6 views

CVE-2023-30410

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecmaopfunctionconstruct at /operations/ecma-function-object.c...

AI score 5.7 · EPSS 0.00047
Exploits: 1 · References: 1

SUSE CVE
added 2023/02/15 4:22 a.m. · 1 view

SUSE CVE-2018-18359

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

CVSS 8.8 · AI score 8.5 · EPSS 0.01156
Exploits: 0 · References: 7

Veracode
added 2023/01/11 3:50 a.m. · 13 views

Prototype Pollution

baobab is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the merger function in helpers.js and modify attributes such as proto, constructor, and other prototype base objects...

CVSS 9.8 · AI score 4.2 · EPSS 0.00636
Exploits: 1 · References: 7 · Affected Software: 1

vulnersOsv
added 2022/09/16 12:0 a.m. · 1 view

@basket/get (>=1.1.0 <=1.2.2), @bitovi/incremental (>=1.0.0 <=1.0.2) +50 more potentially affected by CVE-2022-37257 via steal (>=0.12.9 <=2.3.0)

steal NPM version =0.12.9, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1-0, =0.3.0, =1.0.0, =0.4.0, =0.7.3 and more Source cves: CVE-2022-37257 Source advisory: OSV:GHSA-93Q5-3XPC-8VG3...

CVSS 9.8 · AI score 7.2 · EPSS 0.00511
Exploits: 0

OSV
added 2022/09/09 3:15 p.m. · 0 views

CVE-2022-36862

A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

CVSS 7.8 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2022/09/09 3:15 p.m. · 9 views

CVE-2022-36862

A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

CVSS 7.8 · EPSS 0.00017
Exploits: 0 · References: 1

ATTACKERKB
added 2022/09/09 3:15 p.m. · 3 views

CVE-2022-36862

A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

CVSS 7.8 · AI score 5.8 · EPSS 0.00017
Exploits: 0 · References: 2

OSV
added 2022/09/09 3:15 p.m. · 0 views

CVE-2022-36844

A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

CVSS 7.8 · AI score 5.8 · EPSS 0.00017
Exploits: 0 · References: 1

ATTACKERKB
added 2022/09/09 3:15 p.m. · 2 views

CVE-2022-36844

A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

CVSS 7.8 · AI score 5.8 · EPSS 0.00017
Exploits: 0 · References: 2

NVD
added 2022/09/09 3:15 p.m. · 13 views

CVE-2022-36844

A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

CVSS 7.8 · EPSS 0.00017
Exploits: 0 · References: 1