4606 matches found
PT-2023-23516 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 05dbbd1 Description: The issue is related to an out-of-memory problem in the malloc function. Recommendations: For Jerryscript version 3.0 commit 05dbbd1, consider restricting memory allocation to prevent...
PT-2023-23519 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 05dbbd1 Description: An Assertion Failure was discovered in Jerryscript via the jcontext raise exception at jerry-core/jcontext/jcontext.c. Recommendations: For Jerryscript version 3.0 commit 05dbbd1, consider...
PT-2023-15758 · Unknown · Modem Control Device
Name of the Vulnerable Software and Affected Versions: Modem control device affected versions not specified Description: The issue is related to a possible out of bounds write due to a missing bounds check in the modem control device. This could lead to local denial of service and requires System...
PT-2023-19999 · Unknown · Control Id Rhid
Name of the Vulnerable Software and Affected Versions: Control iD RHiD version 23.3.19.0 Description: A critical vulnerability has been found in Control iD RHiD, affecting an unknown part of the file /v2//. The manipulation leads to direct request and can be initiated remotely. The vendor was...
CVE-2023-1652 affecting package kernel for versions less than 5.15.107.1-2
CVE-2023-1652 affecting package kernel for versions less than 5.15.107.1-2. A patched version of the package is available...
CVE-2023-1989 affecting package kernel for versions less than 5.15.107.1-2
CVE-2023-1989 affecting package kernel for versions less than 5.15.107.1-2. A patched version of the package is available...
PT-2023-2523 · Frrouting +3 · Frrouting +3
Name of the Vulnerable Software and Affected Versions: FRRouting versions through 8.4 Description: An issue in bgpd allows attackers to cause a denial of service by crafting a BGP OPEN message with an option of type 0xff, leading to inconsistent boundary checks and potential out-of-bounds read or...
CVE-2023-2475
A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has bee...
PT-2023-15510 · Jedox · Jedox
Name of the Vulnerable Software and Affected Versions: Jedox version 2020.2.5 Description: The issue is related to incorrect input validation for the default-storage-path in the settings page, allowing remote, authenticated users to specify the location as the Webroot directory. This can lead to...
PT-2023-15509 · Jedox · Jedox
Name of the Vulnerable Software and Affected Versions: Jedox version 2020.2.5 Description: A Stored cross-site scripting issue allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module log. This enables attackers to execute malicious scripts on...
PT-2023-22357 · Tenda · Tenda N301
Name of the Vulnerable Software and Affected Versions: Tenda N301 version 6.0, Firmware version 12.02.01.61 multi Description: The issue allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password due to cleartext transmission in...
PT-2023-19405 · Sourcecodester · Sourcecodester Ac Repair/Services System
Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue affects the processing of the file /admin/inquiries/view inquiry.php, where the manipulation of the id argument leads to sql injection. The attack can be...
PT-2023-18928 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue is related to Cross-site Scripting XSS - Reflected, which occurs when an application includes user input in its output without proper validation, allowing an attacker to inject...
PT-2023-2824 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The issue results from the lack of control of resource consumption when handling SMB2 SESSION SET...
PT-2023-13496 · Ibm · Ibm Cloud Pak For Data
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Data versions 4.5 through 4.6 Description: The issue allows a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. Recommendations: For versions 4...
CVE-2023-30545
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager Advanced Options - Database to arbitrarily read any file on the operating system when using SQL function LOADFILE in a SELECT request. This gives...
Design/Logic Flaw
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager Advanced Options - Database to arbitrarily read any file on the operating system when using SQL function LOADFILE in a SELECT request. This gives...
UBUNTU-CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
CVE-2023-30629 Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...
CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution
Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...