4509 matches found
PT-2024-11023 · Unknown · Contiki-Ng Tinydtls
Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS through master branch 53a0d97 Description: An assertion failure in the check certificate request function allows attackers to cause a denial of service. This issue affects Contiki-NG tinyDTLS, enabling attackers to exploit...
DEBIAN-CVE-2024-23342
The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the...
PT-2024-19447 · Beetl-Bbs · Beetl-Bbs
Name of the Vulnerable Software and Affected Versions: beetl-bbs version 2.0 Description: The issue is related to a Cross Site Scripting (XSS) flaw that allows attackers to execute arbitrary code. This is achieved by exploiting the keyword parameter in the "/index" API endpoint. Recommendations: Fo...
PT-2024-4875 · Solarwinds · Solarwinds Access Rights Manager
Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager affected versions not specified Description: The issue is related to the createGlobalServerChannelInternal method in SolarWinds Access Rights Manager, which has weaknesses in its deserialization mechanism. Thi...
CVE-2024-23342 python-ecdsa vulnerable to Minerva attack on P-256
The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the...
CVE-2024-23342
The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the...
PT-2024-12024 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac
Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en Description: A command injection issue was discovered in the function formWriteFacMac, allowing attackers to execute arbitrary commands by manipulating the mac parameter. This enables...
PT-2024-15811 · Linzhaoguan · Linzhaoguan Pb-Cms
Name of the Vulnerable Software and Affected Versions: LinZhaoguan pb-cms version 2.0 Description: A problematic issue has been found in the Comment Handler component of the software, allowing for cross-site scripting through the manipulation of input, such as . This can be exploited remotely...
PT-2024-19481 · Flycms · Flycms
Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is related to Cross Site Scripting (XSS) in the email settings of the website settings section. This allows for potential malicious script injection. Recommendations: For FlyCms version 1.0, as a...
PT-2024-1191 · Oracle · Oracle Webcenter Content
Name of the Vulnerable Software and Affected Versions: Oracle WebCenter Content version 12.2.1.4.0 Description: The issue is related to insufficient input validation in the Content Server component of Oracle WebCenter Content, allowing an unauthenticated attacker with network access via HTTP to...
PT-2024-14362 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the setTracerouteCfg function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...
PT-2024-14361 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the NTPSyncWithHost function. Recommendations: For version 9.1.2u.5822 B20200513, conside...
PT-2024-14364 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the setOpModeCfg function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...
PT-2024-1501 · Cisco · Cisco Telepresence Management Suite
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Management Suite affected versions not specified Description: The issue exists due to insufficient input validation by the web-based management interface, allowing an authenticated, remote attacker to conduct a cross-site...
PT-2024-1485 · Cisco · Cisco Prime Infrastructure +1
Name of the Vulnerable Software and Affected Versions: Cisco Prime Infrastructure affected versions not specified; Cisco Evolved Programmable Network (EPN) Manager affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote...
PT-2024-2984 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 776 Description: The issue is related to an improper neutralization of special elements used in an OS command, allowing OS command injection. This can enable the creation of a reverse shell and the execution o...
PT-2024-1560 · Sap · Sap S/4Hana Finance For Advanced Payment Management
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107 Description: The issue is related to improper authorization checks in the SAP S/4HANA Finance for Advanced Payment Management. This could allow an attacke...
PT-2024-3586 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: Suite CRM version 7.14.2 Description: The issue is related to a Local File Inclusion (LFI) vulnerability, which allows an attacker to include local PHP files. This can enable a remote attacker to run or open files on the web server without havi...