Tenda AC18 setSchedWifi function buffer overflow vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC18 version 15.03.05.05, which originates from the parameter schedStartTime/schedEndTime in the setSchedWifi function of file /goform/openSchedWifi, which fails to correctly validate the...

CVE-2023-52159

A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service grossd daemon crash or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry...

Design/Logic Flaw

An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickleload function of the serialize.py file...

CVE-2024-28425

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the loadobj function at /templates/pickleutils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-22396

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload...

CVE-2024-28425

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the loadobj function at /templates/pickleutils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-28425

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the loadobj function at /templates/pickleutils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2023-41505

An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2023-41505

An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

ROS-2-1316

2.1316 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...

BIT-LIMESURVEY-2022-48008

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file...

Ubuntu: Security Advisory (USN-6677-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository

Summary An execute arbitrary code vulnerability in Apache Axis CVE-2023-40743, an authentication bypass vulnerability in Apache Shiro CVE-2023-34478 and several vulnerabilities in SnakeYAML incl. remote code execution vulnerability CVE-2022-1471 affect IBM WebSphere Service Registry and Repositor...

Heap overflow

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code...

GHSA-V4CP-2Q7V-HG9Q livehelperchat Server-Side Template Injection

Server-Side Template Injection SSTI vulnerability in livehelperchat before 4.34, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhcweb/modules/lhfaq/faqweight.php...

Ubuntu: Security Advisory (USN-6651-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6627-1: libde265 vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a...

USN-6653-2: Linux kernel (AWS) vulnerabilities

It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...

CVE-2023-50735

Summary (CVE-2023-50735): A heap corruption vulnerability in the PostScript interpreter affects Lexmark devices. The issue can lead to arbitrary code execution and is described as exploitable remotely over a network with high impact on confidentiality, integrity, and availability (CVSS 3.1: 9.0)....