
2734 matches found

Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-3934 · Totolink · Totolink A950Rg

Name of the Vulnerable Software and Affected Versions: TOTOLink A950RG versions V4.1.2cu.5204 B20210112 through V5.9c.4050 B20190424 Description: The issue is related to the "Main" function of the TOTOLink A950RG router's firmware, which lacks input data sanitization. This allows a remote attacke...

CVSS 10 · AI score 9.6 · EPSS 0.89573
Exploits 1 · References 6
Positive Technologies
added 2022/02/22 12:0 a.m. · 10 views

PT-2022-3858 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLink T10 version V5.9c.5061 B20200511 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink T10 mesh system. This allows a remote attacker to execute arbitrary commands through the...

CVSS 10 · AI score 9.6 · EPSS 0.05664
Exploits 1 · References 4
Positive Technologies
added 2022/02/22 12:0 a.m. · 2 views

PT-2022-3895 · Totolink · Totolink A860R

Name of the Vulnerable Software and Affected Versions: TOTOLink A860R version V4.1.2cu.5182 B20201027 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A860R router's firmware. This vulnerability is caused by the lack of input data...

CVSS 10 · AI score 9.7 · EPSS 0.05664
Exploits 1 · References 4
Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-3857 · Totolink · Totolink A800R

Name of the Vulnerable Software and Affected Versions: TOTOLink A800R version 4.1.2cu.5137 B20200730 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A800R router's firmware. This vulnerability is caused by the lack of input data...

CVSS 10 · AI score 9.8 · EPSS 0.05664
Exploits 1 · References 4
Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-3894 · Totolink · Totolink A3100R

Name of the Vulnerable Software and Affected Versions: TOTOLink A3100R version 4.1.2cu.5050 B20200504 Description: The issue is related to a command injection vulnerability in the "Main" function, which is caused by a lack of input data sanitization. This allows attackers to execute arbitrary...

CVSS 10 · AI score 9.7 · EPSS 0.51028
Exploits 1 · References 3
0day.today
added 2022/02/18 12:0 a.m. · 129 views

Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode

/ sparcsolarischmod.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Solaris/SPARC setuid/chmod/exit shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode 12 + 32 + 20 = 64 bytes / / setuid0 / "\x90\x08\x3f\xff...

Exploits 0
OSV
added 2022/02/08 6:53 p.m. · 30 views

GHSA-QQ97-VM5H-RRHG OCI Manifest Type Confusion Issue

Impact Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. Patches Upgrade to at least v2.8.0-beta.1 if you are running v2.x release. If you use the code from the main branch, update at least to the commit after...

CVSS 3 · AI score 7.1
Exploits 0 · References 5
OSV
added 2022/02/04 2:15 a.m. · 1 views

CVE-2021-45742

TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 6 · EPSS 0.18709
Exploits 1 · References 1
Prion
added 2022/02/04 2:15 a.m. · 22 views

Command injection

TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 10 · AI score 9.9 · EPSS 0.18709
Exploits 1 · References 1 · Affected Software 1
OSV
added 2022/01/20 10:15 p.m. · 2 views

CVE-2021-46328

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component libcstartmain...

CVSS 7.8 · AI score 5.8 · EPSS 0.00201
Exploits 1 · References 1
ATTACKERKB
added 2022/01/20 10:15 p.m. · 2 views

CVE-2021-46328

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component libcstartmain...

CVSS 7.8 · AI score 7.1 · EPSS 0.00201
Exploits 1 · References 2
CNNVD
added 2022/01/20 12:0 a.m. · 4 views

Moddable SDK Buffer Error Vulnerability

Moddable SDK is a software development kit (SDK) for IoT embedded software development from Moddable, U.S. Moddable SDK in v11.5.0 is vulnerable to a heap buffer overflow vulnerability stemming from a boundary error in component libcstartmain when handling untrusted input. A remote attacker could...

CVSS 7.8 · AI score 6.6 · EPSS 0.00201
Exploits 1 · References 2
Openbugbounty
added 2022/01/13 4:1 p.m. · 11 views

main-board.com Cross Site Scripting vulnerability OBB-2333794

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
vulnersOsv
added 2022/01/13 3:0 p.m. · 2 views

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

CVSS 9.8 · AI score 7.2 · EPSS 0.00556
Exploits 1
Positive Technologies
added 2022/01/11 12:0 a.m. · 2 views

PT-2022-15022 · Unknown · Puddingbot

Name of the Vulnerable Software and Affected Versions: PuddingBot versions 0.0.6-b933652 and prior Description: PuddingBot is a group management bot. In the affected versions, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked an...

CVSS 9.1 · AI score 7.7 · EPSS 0.00347
Exploits 0 · References 6
OSV
added 2022/01/06 2:15 p.m. · 2 views

UBUNTU-CVE-2021-44590

In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability...

CVSS 6.5 · AI score 6.6 · EPSS 0.00368
Exploits 1 · References 4
OSV
added 2022/01/03 8:15 p.m. · 1 views

CVE-2020-23026

A NULL pointer dereference in the main function dhry1.c of dhrystone 2.1 causes a denial of service (DoS)...

CVSS 7.5 · AI score 5.8 · EPSS 0.00336
Exploits 0 · References 1
NVD
added 2022/01/03 8:15 p.m. · 10 views

CVE-2020-23026

A NULL pointer dereference in the main function dhry1.c of dhrystone 2.1 causes a denial of service (DoS)...

CVSS 7.5 · EPSS 0.00336
Exploits 0 · References 1
Prion
added 2022/01/03 8:15 p.m. · 12 views

Null pointer dereference

A NULL pointer dereference in the main function dhry1.c of dhrystone 2.1 causes a denial of service (DoS)...

CVSS 5 · AI score 7.4 · EPSS 0.00336
Exploits 0 · References 1 · Affected Software 1
OSV
added 2022/01/03 8:15 p.m. · 5 views

UBUNTU-CVE-2020-23026

A NULL pointer dereference in the main function dhry1.c of dhrystone 2.1 causes a denial of service (DoS)...

CVSS 7.5 · AI score 5.8 · EPSS 0.00336
Exploits 0 · References 3