3026 matches found
CVE-2022-50790
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...
CVE-2022-50787
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...
CVE-2022-50692
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...
CVE-2022-50692
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...
CVE-2022-50694
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...
CVE-2022-50792 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Disclosure Vulnerability
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...
CVE-2022-50790 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...
CVE-2022-50791 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via ping.php
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...
CVE-2022-50787 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Stored Cross-Site Scripting
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...
CVE-2022-50787 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Stored Cross-Site Scripting
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...
CVE-2022-50694
Summary: SOUND4 impacts (IMPACT, FIRST, PULSE, Eco) up to version 2.x contain an SQL injection in the POST parameter username of index.php, allowing an attacker to manipulate database queries. The root cause is unvalidated input leading to authentication bypass and potential access to sensitive d...
CVE-2022-50692 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Insufficient Session Expiration Vulnerability
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...
CVE-2023-54195
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix timeout of a call that hasn't yet been granted a channel afsmakecall calls rxrpckernelbegincall to begin a call which may get stalled in the background waiting for a connection to become available; it then calls...
CVE-2023-54325 crypto: qat - fix out-of-bounds read
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, the key size is...
CVE-2023-54195
CVE-2023-54195 affects the Linux kernel’s rxrpc stack. A call that hasn’t been granted a channel could timeout prematurely because rxrpc_kernel_set_max_life() started the call timer before a connection was assigned, risking a NULL pointer dereference. The published fixes note to record timeouts i...
CVE-2023-54195 rxrpc: Fix timeout of a call that hasn't yet been granted a channel
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix timeout of a call that hasn't yet been granted a channel afsmakecall calls rxrpckernelbegincall to begin a call which may get stalled in the background waiting for a connection to become available; it then calls...
PT-2025-54153
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the ptp qoriq probe function within the ptp qoriq module. Smatch, a static analysis tool, identified that memory allocated using ioremap for th...
PT-2025-54236
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication...
SOUND4多款产品 访问控制错误漏洞
SOUND4 IMPACT and others are products of SOUND4, a French company.SOUND4 IMPACT is a professional audio processor for broadcasting.SOUND4 FIRST is an audio processor for broadcasting.SOUND4 PULSE is an audio processor. An Access Control Error vulnerability exists in various SOUND4 products, which...
SOUND4多款产品 跨站脚本漏洞
SOUND4 IMPACT and others are products of SOUND4, a French company.SOUND4 IMPACT is a professional broadcast audio processor.SOUND4 FIRST is a broadcast audio processor.SOUND4 PULSE is an audio processor. A cross-site scripting vulnerability exists in several SOUND4 products that stems from an...