21 matches found
CVE-2025-1211
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery SSRF due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney...
CVE-1999-0322
The open function in FreeBSD allows local attackers to write to arbitrary files...
EUVD-2010-0322
Malware in sbrugna...
EUVD-2021-1982
Malware in sbrugna...
EUVD-2023-54722
Malicious code in bioql PyPI...
EUVD-2021-32701
Malicious code in bioql PyPI...
EUVD-2021-9459
Malicious code in bioql PyPI...
CVE-2025-34099 VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidialsalesviewer.php component when password encryption is enabled a non-default configuration. The application improperly passes the HTTP Basic Authentication password directly ...
CVE-2024-55555
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values. The route/hash route defined in the invoiceninja/routes/client.p...
CVE-2022-36157
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account...
CVE-2025-3144 MindSpore mindspore.numpy.fft.hfftn memory corruption
A vulnerability classified as problematic was found in MindSpore 2.5.0. Affected by this vulnerability is the function mindspore.numpy.fft.hfftn. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and ma...
CVE-2025-2923
A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5Faddrencodelen of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has...
ROS-20250311-08
PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions are vulnerable to vulnerability libpq library of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...
WAVLINK AC3000 adm.cgi set_ledonoff function command injection vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the failure of the adm.cgi setledonoff function to correctly filter constructed command special characters, commands, etc. The...
ROS-20230416-10
A vulnerability in the qdiscgraft function net/sched/schapi.c of the traffic control subsystem of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
PT-2022-27594 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6V1.0 version 15.03.05.19 Description: A buffer overflow issue was discovered via the startIp parameter in the formSetPPTPServer function. This allows for potential exploitation. Recommendations: For Tenda AC6V1.0 version 15.03.05.19,...
Ffmpeg integer overflow vulnerability (CNVD-2025-01690)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. FFmpeg suffers from an integer overflow vulnerability that stems from a failure to properly validate data length in the g729parse function when processing specially crafted files. An attack...
CVE-2020-21595
libde265 v1.0.4 contains a heap buffer overflow in the mcluma function, which can be exploited via a crafted a file...
HP-UX 10.x - rs.F3000 Unauthorized Access
source: https://www.securityfocus.com/bid/6837/info The rs.F3000 binary is prone to an issue that may allow attackers to obtain unauthorized access to a vulnerable system. A denial of service attack is also possible. This is due to multiple instances of the system function being used in an unsafe...
OpenBSD 2.x 2.8 FTPd - glob() Remote Buffer Overflow
OpenBSD 2.x 2.8 FTPd - glob Remote Buffer Overflow // source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious...