EUVD-2026-26697

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 OVMS3 3.3.005. In canformatcanswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames...

UBUNTU-CVE-2024-56604

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...

yt-dlp 安全漏洞

yt-dlp is based on the youtube-dl branch of the now inactive youtube-dlc. A security vulnerability exists in yt-dlp that stems from not properly escaping special characters, resulting in a remote code execution vulnerability...

GHSA-8FXR-QFR9-P34W TorchServe Server-Side Request Forgery vulnerability

Impact Remote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...

TorchServe Pre-Auth Remote Code Execution

Impact Use of Open Source Library potentially exposed to RCE Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...

GHSA-4MQG-H5JF-J9M7 TorchServe Pre-Auth Remote Code Execution

Impact Use of Open Source Library potentially exposed to RCE Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...

CVE-2023-28543 Out of Bounds read in SNPE Library

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model e.g. from a remote source...

CVE-2023-28543 Out of Bounds read in SNPE Library

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model e.g. from a remote source...

SUSE CVE-2019-3701

An issue was discovered in cancangwrcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the candlc field. The privileged user "root" with CAPNETADMIN can create a CAN frame modification rule that mak...

osmium-dlc.com Cross Site Scripting vulnerability OBB-3069630

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

dlc-software.com Cross Site Scripting vulnerability OBB-2998327

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2022-20198

In llcpdlcprocconnectpdu of llcpdlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function

Exploit Title: ECOA Building Automation System - Hidden Backdoor Accounts and backdoor Function Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Hidden Backdoor Accounts and backdoor Function Vendor: ECOA Technologies Corp...

ECOA Building Automation System - Configuration Download Information Disclosure

Exploit Title: ECOA Building Automation System - Configuration Download Information Disclosure Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Configuration Download Information Disclosure Vendor: ECOA Technologies Corp. Produc...

ECOA Building Automation System Remote Privilege Escalation Vulnerability

ECOA Building Automation System Remote Privilege Escalation Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECO...

ECOA Building Automation System Hidden Backdoor Accounts Vulnerability

ECOA Building Automation System Hidden Backdoor Accounts and backdoor Function Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster...

ECOA Building Automation System Hardcoded SSH Credentials Vulnerability

ECOA building automation systems have hardcoded SSH credentials. Many versions are affected. ECOA Building Automation System Hard-coded Credentials SSH Access Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA...

ECOA Building Automation System Hardcoded SSH Credentials

ECOA Building Automation System Hard-coded Credentials SSH Access Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1...

ECOA Building Automation System Weak Default Credentials Vulnerability

ECOA Building Automation System Weak Default Credentials Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECOA...

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA building automation systems suffer from authorization bypass and insecure direct object reference vulnerabilities. Many versions are affected. ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version...