20 matches found
CVE-2026-43425 usb: image: mdc800: kill download URB on timeout
In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout. mdc800_device_read() submits download_urb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...
EUVD-2010-2706
Malware in sbrugna...
EUVD-2010-4512
Malware in sbrugna...
EUVD-2022-1488
Malicious code in bioql PyPI...
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error
We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error (figures 9.1 and 9.2). This can result in a nil dereference and cause the code to panic. The codebase may contain additional instances of the bug. golang...
CVE-2024-11133
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handlepdfdownloadrequest' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets...
PT-2022-12436 · Nicotine+ · Nicotine+
Name of the Vulnerable Software and Affected Versions: Nicotine+ versions 3.0.3 through 3.2.0. Description: A denial of service (DoS) issue exists, allowing a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. This...
Nicotine+ Security Vulnerability
Nicotine+ is a graphical client for the Soulseek peer-to-peer network. Designed to be a pleasant, free and open source (FOSS) alternative to the official Soulseek client, it provides additional functionality while staying synchronized with the Soulseek protocol. Nicotine+ version 3.0.3 and later A...
Raonwiz DEXT5 Path Traversal Vulnerability
Raonwiz DEXT5 is an HTML5-based file transfer solution from Raonwiz Korea. The product supports encrypted file transfer, form building, etc. DEXT5Upload is one of the file upload components. A path traversal vulnerability exists in DEXT5Upload version 2.7.1262310 and earlier versions, which...
Citrix UPD Finder - CTXUPDINFO
CTXUPDINFO.EXE Created Date: 8/29/2014 Updated Date: 10/03/2014 Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to the download location...
DSCheck Maintenance Assistant
Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to the download location. Description DSCheck Maintenance Assistant is designed to facilitate...
Full-Access Token Leakage
github.com/minio/minio is vulnerable to full-access token leakage. The vulnerability exists because the full-access token is visible in the GET URL of a download request...
CVE-2015-2875
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi...
Design/Logic Flaw
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data...
CVE-2011-5052
Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request...
CVE-2010-2702
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal Tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary...
CVE-2010-2702
The vulnerability CVE-2010-2702 affects Unreal Engine 1, 2 and 2.5 used by multiple games (e.g., Unreal Tournament 2004/2003, Postal 2, Raven Shield, SWAT4). Description: a buffer overflow in UGameEngine::UpdateConnectingMessage during downloads can allow remote code execution via a long LEVEL fi...
CVE-2010-2702
Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal Tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary...
CVE-2008-3519
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...
JetDB Direct Request Database Download
Binary data 1544.prm...