6654 matches found

Vulnrichment
added 2025/01/14 2:21 p.m. · 8 views

CVE-2024-39801

Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A buffer...

9.1 CVSS · 7.3 AI score · 0.00641 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2025/01/14 2:21 p.m. · 10 views

CVE-2024-39802

Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A buffer...

9.1 CVSS · 7.3 AI score · 0.00493 EPSS
Exploits: 1 · References: 1

Cvelist
added 2025/01/14 2:21 p.m. · 11 views

CVE-2024-39794

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A...

9.1 CVSS · 0.00064 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/01/14 12:0 a.m. · 2 views

Microsoft Excel Code Issue Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code issue vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to bypass certain functionality...

7.8 CVSS · 6.8 AI score · 0.003 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-2548 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505
Description: A command execution issue exists in the update filter url.sh functionality. This allows an attacker to execute arbitrary commands using a specially crafted HTTP request. An attacker can...

9 CVSS · 8 AI score · 0.01016 EPSS
Exploits: 1 · References: 3

CNNVD
added 2025/01/14 12:0 a.m. · 3 views

Microsoft Windows Virtualization-Based Security Enclave Access Control Error Vulnerability

Microsoft Windows Virtualization-Based Security Enclave (Microsoft Windows VBS Enclave) is a software-based trusted execution environment within the host application address space from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows Virtualization-Based...

5.5 CVSS · 8.7 AI score · 0.00101 EPSS
Exploits: 0 · References: 2

Talos
added 2025/01/14 12:0 a.m. · 14 views

Wavlink AC3000 wctrls static login vulnerability

Talos Vulnerability Report TALOS-2024-2034: Wavlink AC3000 wctrls static login vulnerability. January 14, 2025. CVE Number: CVE-2024-39754. Summary: A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead ...

10 CVSS · 9.6 AI score · 0.00344 EPSS
Exploits: 1

CNNVD
added 2025/01/14 12:0 a.m. · 1 view

Microsoft MapUrlToZone Security Vulnerability

Microsoft MapUrlToZone is a lightweight console application written in C++ by Microsoft Corporation USA. A security vulnerability exists in Microsoft MapUrlToZone. An attacker exploiting this vulnerability could bypass certain functionality. The following products and versions are affected: Window...

4.3 CVSS · 9 AI score · 0.00291 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/14 12:0 a.m. · 3 views

PT-2025-1182 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP, affected versions not specified
Description: The issue is related to an obsolete functionality in SAP NetWeaver Application Server ABAP that did not perform necessary authorization checks. This allows an...

4.3 CVSS · 6.7 AI score · 0.0015 EPSS
Exploits: 0 · References: 9

RedhatCVE
added 2025/01/13 1:21 p.m. · 5 views

CVE-2024-47809

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference. This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling...

5.5 CVSS · 6.6 AI score · 0.00009 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/01/13 6:21 a.m. · 11 views

CVE-2024-54193

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal(). Move pm_runtime_set_active() to ivpu_pm_init() so when ivpu_ipc_send_receive_internal() is executed before ivpu_pm_enable() it already has correct runtime state, even if last resume was not...

5.5 CVSS · 7 AI score · 0.00019 EPSS
Exploits: 0 · References: 4

CNVD
added 2025/01/13 12:0 a.m. · 9 views

Huawei HarmonyOS Distributed Notification Module Race Condition Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS Distributed Notification Module, which can be exploited by an attacker to cause...

5.9 CVSS · 6.7 AI score · 0.00042 EPSS
Exploits: 0 · References: 1

CNVD
added 2025/01/13 12:0 a.m. · 4 views

Huawei HarmonyOS Connectivity Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Connectivity module, which can be exploited by an attacker to cause functionality anomalies...

7.5 CVSS · 6.8 AI score · 0.00072 EPSS
Exploits: 0 · References: 1

OSV
added 2025/01/12 2:15 p.m. · 1 view

CVE-2025-0398

A vulnerability has been found in longpi1 warehouse 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /resources/..;/inport/updateInport of the component Backend. The manipulation of the argument remark leads to cross site scripting. The...

5.1 CVSS · 3.6 AI score
Exploits: 0 · References: 5

Cvelist
added 2025/01/11 2:8 p.m. · 14 views

CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL

In the Linux kernel, the following vulnerability has been resolved: PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDL platform, as documented in the NXP errata ERR005723: https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf This patc...

0.00018 EPSS
Exploits: 0 · References: 2

OSV
added 2025/01/11 2:8 p.m. · 10 views

CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL

In the Linux kernel, the following vulnerability has been resolved: PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDL platform, as documented in the NXP errata ERR005723: https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf This patc...

5.5 CVSS · 6 AI score · 0.00018 EPSS
Exploits: 0 · References: 5

OSV
added 2025/01/11 12:25 p.m. · 4 views

CVE-2024-48881 bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again. Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads to a NULL pointer dereference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722...

5.5 CVSS · 6.1 AI score · 0.00008 EPSS
Exploits: 0 · References: 12

GitHub Security Blog
added 2025/01/09 9:31 p.m. · 10 views

Drupal Open Social allows Functionality Misuse

The distribution didn't validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not disclose any information to the attacker...

5.3 CVSS · 6.7 AI score · 0.00239 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2025/01/09 9:31 p.m. · 5 views

GHSA-63WG-87QV-RW4R Drupal Open Social allows Functionality Misuse

The distribution didn't validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not disclose any information to the attacker...

5.3 CVSS · 5.2 AI score · 0.00239 EPSS
Exploits: 0 · References: 3

NVD
added 2025/01/09 8:15 p.m. · 7 views

CVE-2024-13274

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5...

5.3 CVSS · 0.00239 EPSS
Exploits: 0 · References: 1