EUVD-2026-32645

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

EUVD-2025-205869

pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...

EUVD-2013-1691

Malware in sbrugna...

EUVD-2024-0614

Malicious code in bioql PyPI...

CVE-2023-1487

A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects the function 0x9C40208C/0x9C402000/0x9C402084/0x9C402088/0x9C402004/0x9C4060C4/0x9C4060CC/0x9C4060D0/0x9C4060D4/0x9C40A0DC/0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 ...

CVE-2024-40459

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function...

UBUNTU-CVE-2024-27766

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the libmysqludfsys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...

CVE-2024-1631

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

CVE-2023-4020

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory...

CVE-2023-4020

Summary: CVE-2023-4020 involves Silicon Labs TrustZone where an unvalidated input in a memory-communication library function allows reading/writing secure memory from non-secure memory. The issue is confirmed across multiple sources (NVD, Red Hat) describing an input-validation flaw in the TrustZ...

CVE-2023-29414

A CWE-120: Buffer Copy without Checking Size of Input Classic Buffer Overflow vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call...

CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

Enlightenment 0.25.3 Privilege Escalation

Title: Enlightenment Version: 0.25.3 LPE Author: nu11secur1ty Date: 12.26.2022 Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 Description: The Enlightenment Version: 0.25.3 is...

CVE-2022-37706

enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...

emacs -- arbitary shell command execution vulnerability of ctags

lu4nx reports: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggeste...

PT-2022-24201 · Axiomatic · Bento4

Name of the Vulnerable Software and Affected Versions: Axiomatic Bento4 affected versions not specified Description: A problematic issue has been found, affecting the AP4 File::AP4 File function of the Mp42Hevc.cpp file in the mp42hevc component. This issue leads to denial of service and can be...

CVE-2022-36843

A heap-based overflow vulnerability in MHWRECOGLIBINFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...

Command injection

oaliptaddBridgeIsolationRules on TP-Link TL-WR840N 6EU0.9.14.16 devices allows OS command injection because a raw string entered from the web interface an IP address field is used directly for a call to the system library function for iptables. NOTE: oaliptaddBridgeIsolationRules is not the only...

NewStart CGSL CORE 5.05 / MAIN 5.05 : dhcp Vulnerability (NS-SA-2019-0231)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has dhcp packages installed that are affected by a vulnerability: - There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd...

CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All...