1477 matches found

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-4678 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)
Description: The issue is related to errors in processing input data length parameters in the implementation of the Secure Boot protocol in Windows operating systems. This can allow a remote attacker to...

CVSS 8.3 · AI score 6.8 · EPSS 0.00992
Exploits 0 · References 8

BDU FSTEC
added 2024/07/09 12:0 a.m. · 3 views

The vulnerability of the Node.js software platform, related to errors in processing input data, allows a hacker to execute arbitrary commands.

The vulnerability of the Node.js software platform is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 7.8 · EPSS 0.01098
Exploits 0 · References 7 · Affected Software 2

BDU FSTEC
added 2024/07/05 12:0 a.m. · 1 view

The vulnerability of SIMATIC PCS, SIMATIC WinCC Runtime Professional, and SIMATIC WinCC control systems lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to trigger malfunctions during maintenance operations.

The vulnerability of SIMATIC PCS, SIMATIC WinCC Runtime Professional, and SIMATIC WinCC control systems lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to cause malfunctions in the system’s operations...

CVSS 6.2 · AI score 7.2 · EPSS 0.00182
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2024/07/05 12:0 a.m. · 2 views

The vulnerability of the software for monitoring and analyzing network traffic in industrial networks, SINEC Traffic Analyzer, arises from insufficient validation of input data. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the SINEC Traffic Analyzer software for monitoring and analyzing network traffic in industrial networks is related to insufficient verification of input data. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protected informati...

CVSS 7.8 · AI score 7.2 · EPSS 0.00345
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/06/18 12:0 a.m. · 1 view

The vulnerability of the LDAP URL parser component in the Apache Directory LDAP API software allows a malicious actor to cause service failure.

The vulnerability of the LDAP URL parser component in Apache Directory LDAP API is related to the lack of control over the data entered by users. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.8 · AI score 5.5
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/06/17 12:0 a.m. · 3 views

The vulnerability of the Wi-Fi driver for Windows operating systems, allowing a hacker to execute arbitrary code

The vulnerability of the Wi-Fi driver for Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted network packet...

CVSS 8.8 · AI score 6.3 · EPSS 0.05158
Exploits 0 · References 3

Redos
added 2024/06/11 12:0 a.m. · 22 views

ROS-20240611-05

The vulnerability of the Zabbix Workstation universal monitoring system server is related to errors in input data processing. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting a specially crafted SQL query...

CVSS 9.1 · AI score 8.4 · EPSS 0.76618
Exploits 5

BDU FSTEC
added 2024/06/07 12:0 a.m. · 3 views

The vulnerability of the MileSight DeviceHub deployment platform, which stems from insufficient validation of input data, allows an attacker to trigger a service failure.

The vulnerability of the MileSight DeviceHub deployment platform exists due to insufficient verification of input data. Exploiting this vulnerability could allow a remote attacker to cause service failures...

CVSS 7.8 · AI score 5.5 · EPSS 0.00418
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2024/05/27 7:44 a.m. · 10 views

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by the lack of proper sanitization or encoding of user-input data when it is displayed in TreeDropdownField and TreeMultiSelectField, which allows an attacker to execute malicious JavaScript code...

AI score 6.8
Exploits 0

BDU FSTEC
added 2024/05/27 12:0 a.m. · 2 views

The vulnerability of the WinRAR file archiver, related to errors in processing input data, allows a hacker to cause a service failure or replace the output displayed on the screen.

The vulnerability of the WinRAR file archiver is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures or replace the actual output on the screen...

CVSS 8.5 · AI score 6.4 · EPSS 0.00746
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2024/05/24 12:0 a.m. · 2 views

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date processing system, related to errors in handling input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9 · AI score 7.8 · EPSS 0.88267
Exploits 9 · References 3 · Affected Software 2

SUSE CVE
added 2024/05/23 3:56 p.m. · 3 views

SUSE CVE-2021-47339

In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-core: explicitly clear ioctl input data
As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers...

CVSS 5.5 · AI score 6.4 · EPSS 0.00236
Exploits 0 · References 3

OSV
added 2024/05/21 3:15 p.m. · 2 views

DEBIAN-CVE-2021-47339

In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-core: explicitly clear ioctl input data
As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers...

CVSS 5.5 · AI score 5.2 · EPSS 0.00236
Exploits 0 · References 1

OSV
added 2024/05/21 3:15 p.m. · 1 view

UBUNTU-CVE-2021-47339

In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-core: explicitly clear ioctl input data
As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers...

CVSS 5.5 · AI score 5.8 · EPSS 0.00236
Exploits 0 · References 6

Debian CVE
added 2024/05/21 2:35 p.m. · 21 views

CVE-2021-47339

In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-core: explicitly clear ioctl input data
As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers...

CVSS 5.5 · AI score 4.4 · EPSS 0.00236
Exploits 0

BDU FSTEC
added 2024/05/20 12:0 a.m. · 1 view

The vulnerability of the Zabbix Workstation universal monitoring system, related to errors in processing input data, allows an intruder to execute arbitrary code.

The vulnerability of the Zabbix Workstation universal monitoring system is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted SQL query remotely...

CVSS 9.1 · AI score 8.2 · EPSS 0.76618
Exploits 5 · References 7 · Affected Software 4

BDU FSTEC
added 2024/05/16 12:0 a.m. · 4 views

The vulnerability of the MSHTML platform in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the MSHTML platform in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, provided that the user opens a specially crafted file...

CVSS 10 · AI score 6.3 · EPSS 0.03939
Exploits 0 · References 3

BDU FSTEC
added 2024/05/16 12:0 a.m. · 1 view

The vulnerability of the disconnectVPN function in the firmware for TOTOLINK X5000R allows a hacker to execute arbitrary commands.

The vulnerability of the disconnectVPN function in the firmware for TOTOLINK X5000R lies in the lack of measures to protect input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 7.5 · AI score 5.9 · EPSS 0.09253
Exploits 1 · References 4 · Affected Software 1

Veracode
added 2024/05/15 3:59 a.m. · 33 views

Remote Code Execution (RCE)

microsoft.netcore.app.runtime is vulnerable to Remote Code Execution. The vulnerability is due to a stack buffer overrun in the .NET Double Parse routine. This allows attackers to execute arbitrary code on the affected system by providing malformed input data that is improperly handled by the...

CVSS 6.3 · AI score 8.5 · EPSS 0.01248
Exploits 0 · References 5 · Affected Software 14

NVD
added 2024/05/14 4:16 p.m. · 11 views

CVE-2024-27941

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...

CVSS 8.8 · AI score 8.6 · EPSS 0.00781
Exploits 0 · References 1