FormosaSoft ee-class 安全漏洞

FormosaSoft ee-class is a recording software from China-based FormosaSoft. A security vulnerability exists in versions prior to FormosaSoft ee-class 20240326.13r14494, which stems from failure to properly validate certain page parameters, which could allow a remote attacker with regular privilege...

Ragic Enterprise Cloud Database 安全漏洞

Ragic Enterprise Cloud Database is an enterprise cloud database from Ragic, Inc. A security vulnerability exists in versions of Ragic Enterprise Cloud Database prior to 2024/08/08 09:45:25, which stems from failure to properly validate specific page parameters, allowing an unauthenticated, remote...

CVE-2024-9923

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them...

TEAMPLUS Team+ 安全漏洞

TEAMPLUS Team+ is an enterprise private cloud communication and collaboration platform from China Interactive Ares TEAMPLUS. A security vulnerability exists in TEAMPLUS Team+ that stems from incorrect validation of specific page parameters, which allows a remote attacker with administrator...

TEAMPLUS Team+ 安全漏洞

TEAMPLUS Team+ is an enterprise private cloud communication and collaboration platform from China Interactive Ares TEAMPLUS. A security vulnerability exists in TEAMPLUS Team+ that originates from incorrectly validating specific page parameters, which allows an unauthenticated, remote attacker to...

PT-2024-39937 · Teamplus Technology · Team+

Name of the Vulnerable Software and Affected Versions: Team+ versions affected versions not specified Description: The issue is related to the improper validation of a specific page parameter in Team+ by TEAMPLUS TECHNOLOGY, allowing unauthenticated remote attackers to read arbitrary system files...

PT-2024-39936 · Teamplus Technology · Team+

Name of the Vulnerable Software and Affected Versions: Team+ from TEAMPLUS TECHNOLOGY affected versions not specified Description: The issue concerns a failure to properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands and potentiall...

UBUNTU-CVE-2024-48949

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S.gtesig.eddsa.curve.n || sig.S.isNeg" validation...

UBUNTU-CVE-2024-47663

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834writefrequency clkgetrate can return 0. In such case ad9834calcfreqreg call will lead to division by zero. Checking 'if fout clkfreq / 2' doesn't protec...

Cisco Nexus Dashboard 安全漏洞

Cisco Nexus Dashboard is a single console from Cisco, Inc. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from improper user authorization and insufficient validation of command parameters. Allows an...

PT-2024-18669 · Cisco · Cisco Meraki Z Series Teleworker Gateway +2

Name of the Vulnerable Software and Affected Versions: Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices affected versions not specified Description: The issue is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker cou...

PLANET switch devices 跨站脚本漏洞

PLANET switch devices are a series of switch devices from the Chinese company PLANET. A cross-site scripting vulnerability exists in PLANET switch devices, which stems from improper validation of web application parameters and is susceptible to stored cross-site scripting attacks...

CVE-2024-47087

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...

PT-2024-32401 · Unknown · Apex Softcell Ld Geo

Name of the Vulnerable Software and Affected Versions: Apex Softcell LD Geo affected versions not specified Description: The issue exists due to improper validation of certain parameters Client ID, DPID, or BOID in the API endpoint. An authenticated remote attacker could exploit this by...

Cisco IOS XR 安全漏洞

Cisco IOS XR is an operating system developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS XR that stems from incorrect validation of parameters passed to specific CLI commands...

Trusted Firmware-M 安全漏洞

Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro, UK. A security vulnerability exists in Trusted Firmware-M version 2.0.0 and prior versions, which stems from a lack of parameter validation in the logging...

CVE-2024-8328

Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks...

Gether 6SHR System SQL注入漏洞

Gether 6SHR System is a system from Gether, Inc. Gether 6SHR System suffers from a SQL injection vulnerability that originates from not properly validating specific page parameters, which allows remote attackers with regular privileges to inject SQL commands to read, modify, and delete database...

HWA JIUH DIGITAL Easy test Online Learning and Testing Platform 跨站脚本漏洞

HWA JIUH DIGITAL Easy test Online Learning and Testing Platform is an Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL. A cross-site scripting vulnerability exists in HWA JIUH DIGITAL Easy test Online Learning and Testing Platform versions prior to 24A01, which stems from...

Tenda G3 Buffer Overflow Vulnerability (CNVD-2024-40839)

Tenda G3 is a Qos Vpn router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 version 15.11.0.20, which is caused by the enable/level/module parameter of the formSetDebugCfg function in the /goform/setDebugCfg file failing to correctly validate the length of the input data,...