41 matches found
CVE-2022-46527
ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser...
Buffer overflow
ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser...
CVE-2022-46527
ELSYS ERS 1.5 Sound v2.3.8 contains a buffer overflow in the NFC data parser. The CVE details indicate an impact to availability (CVSS: 7.5, high), with network attack vector and no user interaction. Product/component: ELSYS ERS 1.5 Sound, affected version 2.3.8. Root cause: buffer overflow in NF...
PT-2023-14955 · Elsys · Elsys Ers 1.5 Sound
Name of the Vulnerable Software and Affected Versions: ELSYS ERS 1.5 Sound version 2.3.8 Description: A buffer overflow issue was discovered in the NFC data parser. Recommendations: For version 2.3.8, at the moment, there is no information about a newer version that contains a fix for this issue...
ELSYS ERS Security Vulnerability
ELSYS ERS is a smart, professional LoRaWAN sensor from ELSYS. It is used for indoor climate measurements. A security vulnerability exists in ELSYS ERS version 1.5 Sound v2.3.8, which stems from a buffer overflow vulnerability in the NFC data parser...
Jenkins: Denial of Service attack
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...
Dell System Update has an unspecified vulnerability
Dell System Update is an application package from Dell, Inc. that provides application updates. A security vulnerability exists in Dell System Update version 2.0.0 and prior versions, which stems from the inclusion of incorrect certificate validation in the data parser module. No details of the...
CVE-2022-34404
Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service...
Input validation
Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service...
Dell System Update Trust Management Issue Vulnerability
Dell System Update is an application package from Dell, Inc. that provides application updates. A security vulnerability exists in Dell System Update version 2.0.0 and prior versions, which stems from the inclusion of incorrect certificate validation in the data parser module. No details of the...
CVE-2022-34404
Summary (CVE-2022-34404) Dell System Update (versions 2.0.0 and earlier) contains an improper certificate validation flaw in the data parser module. The underlying issue is a certificate validation weakness that could enable a local attacker with high privileges to cause credential theft and/or d...
CVE-2021-44354
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44372
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44390
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability...
php: Heap buffer over-read in exif_scan_thumbnail()
When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...
CVE-2017-1000058
Stored XSS vulnerabilities in Chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser...
Cross site scripting
Stored XSS vulnerabilities in Chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser...