16 matches found
TOTOLINK N600R Command Injection Vulnerability
The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that originates from...
Next.js Code Issue Vulnerability
Next.js is a React framework open-sourced by Vercel. A code issue vulnerability exists in versions of Next.js prior to 14.2.32 and 15.4.7, which stems from improper use of the next function and could lead to server-side request forgery...
CVE-2011-3350
masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...
BIT-MYSQL-CLIENT-2023-52968
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash...
The vulnerability of the ctnetlink_del_expect() function in the netfilter component of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ctnetlink_del_expect() function in the net/netfilter/nf_conntrack_netlink.c module of the netfilter component of the Linux operating system is related to the improper use of certain functions. Exploiting this vulnerability could allow an attacker to cause a service failure...
GPAC Code Issue Vulnerability
GPAC is an open source multimedia framework. A code issue vulnerability exists in GPAC version 2.5-DEV-rev228-g11067ea92-master, which stems from improper manipulation of a related function that results in a null pointer dereference...
WordPress plugin Strong Testimonials security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
CVE-2024-28219
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy...
The vulnerability of Google GRPC’s remote procedure call system, related to insufficient input validation and improper implementation of functions, allows a perpetrator to trigger a service failure.
The vulnerability of Google GRPC process callouts is related to insufficient validation of input data and improper implementation of functions. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the SSBD component in the Linux operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the SSBD component in the Linux operating system’s kernel is related to insufficient validation of input data and improper implementation of functions. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
CVE-2019-5292
Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217C00E215R3P1, the versions before 9.1.0.205C00E97R1P9, the versions before 9.1.0.205C00E97R2P2 have an information leak vulnerability. Due to improper function error records of some module, an attacker with the acce...
Moodle Design Bugs
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in Moodle version 2.8.x prior to 2.8.11, which stems...
PostgreSQL < 8.4.11 / 9.0.7 / 9.1.3 Multiple Vulnerabilities
Input validation
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service browser crash via an invalid WksPictureInterface property value, which triggers an improper...
CVE-2008-1898
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service browser crash via an invalid WksPictureInterface property value, which triggers an improper...
CVE-2001-0016
NTLM Security Support Provider NTLMSSP service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access...