1200 matches found

CNNVD
added 2023/08/25 12:00 a.m., 3 views

Tenda AC23 Input Validation Error Vulnerability

Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave2 technology, dual-band concurrent rate up to 2033 Mbps. The Tenda AC23 suffers from a stack buffer overflow vulnerability that stems from the...

CVSS 8.8, AI score 7.6, EPSS 0.00787
Exploits: 1, References: 2

Positive Technologies
added 2023/08/15 12:00 a.m., 4 views

PT-2023-27135 · Webchess · Webchess

Name of the Vulnerable Software and Affected Versions: webchess version 1.0

Description: A SQL injection issue was discovered in webchess via the $playerID parameter at the "mainmenu.php" endpoint. However, it is disputed by a third party who claims that the $playerID is a session variable...

CVSS 9.8, AI score 9.8, EPSS 0.00708
Exploits: 1, References: 11

Positive Technologies
added 2023/08/09 12:00 a.m., 3 views

PT-2023-4338 · Softing · Softing Edgeaggregator

Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator affected versions not specified

Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this issue, where th...

CVSS 10, AI score 8.9, EPSS 0.01188
Exploits: 0, References: 6

CNNVD
added 2023/08/09 12:00 a.m., 5 views

Nozomi Networks Guardian/CMC SQL Injection Vulnerability

Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. An SQL injection vulnerability exists in Nozomi Networks Guardian/CMC that stems from incorrect input validation of sort parameters...

CVSS 8.8, AI score 8, EPSS 0.00508
Exploits: 0, References: 4

ATTACKERKB
added 2023/08/08 3:15 p.m., 0 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

CVSS 7.5, AI score 5.9, EPSS 0.00702
Exploits: 0, References: 2

NVD
added 2023/08/08 3:15 p.m., 24 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

CVSS 7.5, AI score 7.5, EPSS 0.00702
Exploits: 0, References: 1

Prion
added 2023/08/08 3:15 p.m., 22 views

Directory traversal

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

CVSS 5, AI score 7.4, EPSS 0.00702
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/08/08 12:00 a.m., 16 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

AI score 7.1, EPSS 0.00702
Exploits: 0, References: 1

CVE
added 2023/08/08 12:00 a.m., 42 views

CVE-2023-24698

CVE-2023-24698 affects Foswiki up to v2.1.7, specifically the Foswiki::Sandbox component. The issue is insufficient parameter validation that allows directory traversal when a crafted web request is made. Impact: potential access to restricted filesystem areas. Affected software: Foswiki v2.1.7 a...

CVSS 7.5, AI score 7.4, EPSS 0.00702
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/08/08 12:00 a.m., 25 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

AI score 7.6, EPSS 0.00702
Exploits: 0, References: 1

CNNVD
added 2023/08/05 12:00 a.m., 3 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from insufficient validation of parameters. An attacker exploiting this vulnerability can...

CVSS 9.1, AI score 6.9, EPSS 0.00319
Exploits: 0, References: 4

CNNVD
added 2023/08/05 12:00 a.m., 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from insufficient validation of parameters. An attacker exploiting this vulnerability can...

CVSS 9.1, AI score 6.9, EPSS 0.00319
Exploits: 0, References: 4

CNNVD
added 2023/08/05 12:00 a.m., 3 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from insufficient validation of parameters. An attacker exploiting this vulnerability can...

CVSS 9.1, AI score 6.9, EPSS 0.00319
Exploits: 0, References: 4

NVD
added 2023/07/04 12:15 a.m., 18 views

CVE-2023-25521

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information...

CVSS 7.8, AI score 7.5, EPSS 0.00141
Exploits: 0, References: 1

Prion
added 2023/07/04 12:15 a.m., 23 views

Design/Logic Flaw

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information...

CVSS 4.3, AI score 8, EPSS 0.00141
Exploits: 0, References: 1, Affected Software: 2

Vulnrichment
added 2023/07/03 11:27 p.m., 9 views

CVE-2023-25521

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information...

CVSS 7.5, AI score 6.7, EPSS 0.00141
Exploits: 0, References: 1

Code423n4
added 2023/06/23 12:00 a.m., 8 views

Lack of checks for non-zero values

Lines of code Vulnerability details Impact Lack of proper parameter validation Proof of Concept The GetPoolByLptDenom function takes lptDenom as an input parameter and uses it right away as an argument to retrieve a pool from the KVStore. However, if it is empty or invalid, the function will...

AI score 6.9
Exploits: 0

Positive Technologies
added 2023/06/16 12:00 a.m., 3 views

PT-2023-21411 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified

Description: The issue allows an authenticated attacker to edit an arbitrary channel post when creating a playbook run via the "/dialog API" endpoint. This is due to Mattermost's failure to validate...

CVSS 4.3, AI score 4.4, EPSS 0.00402
Exploits: 0, References: 4

OSV
added 2023/05/23 8:15 p.m., 2 views

CVE-2023-23300

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...

CVSS 9.8, AI score 7.6, EPSS 0.01274
Exploits: 2, References: 2

NVD
added 2023/05/23 8:15 p.m., 13 views

CVE-2023-23300

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...

CVSS 9.8, AI score 9.5, EPSS 0.01274
Exploits: 2, References: 2