4604 matches found
PT-2022-9652 · WordPress · Labtools
Name of the Vulnerable Software and Affected Versions: LabTools WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of proper authorization and CSRF check when deleting publications. This allows any authenticated users, such as subscribers, to delete arbitrary...
PT-2022-16117 · Nimforum · Nimforum
Name of the Vulnerable Software and Affected Versions: Nimforum versions prior to 2.2.0 Description: The issue allows any forum user to create a new thread or post that includes a reference to a local file on the host operating system. Nimforum will render the file if possible. This can be done...
UBUNTU-CVE-2022-21720
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation...
UBUNTU-CVE-2022-21722
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially...
CVE-2022-21723 Out-of-bounds read in multipart parsing in PJSIP
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause...
CVE-2022-21722
CVE-2022-21722 affects PJPROJECT (PJMEDIA) used by PJSCI/PJSIP. In 2.11.1 and earlier, certain incoming RTP/RTCP packets can cause out-of-bounds read access due to multiple code paths; this impacts users accepting RTP/RTCP streams. A patch is available as a commit in the master branch. There are ...
CVE-2022-21722
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially...
CVE-2021-45480 affecting package kernel 5.10.189.1-1
CVE-2021-45480 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2021-28715 affecting package kernel 5.10.189.1-1
CVE-2021-28715 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
PT-2022-4912 · Tcl · Tcl Linkhub Mesh Wi-Fi
Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A buffer overflow vulnerability exists in the GetValue functionality. This issue is related to the handling of the libcommonprod.so binary, where a specially-crafted configuration value can...
PT-2022-7540 · Hdf5 +3 · Hdf5 +3
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.13.1-1 Description: The issue is related to a Divide By Zero vulnerability in the H5T complete copy function, located in the H5T.c file of the HDF5 library. This vulnerability can cause an arithmetic exception, leading to a...
CVE-2021-41496 affecting package numpy 1.16.6-2
CVE-2021-41496 affecting package numpy 1.16.6-2. A patched version of the package is available...
PT-2022-1525 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in the Windows Certificate authentication procedure, allowing an attacker to conduct spoofing attacks. It is associated with data substitution, enabling...
PT-2022-12528 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A Pointer Dereference issue exists via the gf hinter finalize function. This issue allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world...
PT-2021-14825 · Lantronix · Lantronix Premierwave 2050
Name of the Vulnerable Software and Affected Versions: Lantronix PremierWave 2050 version 8.9.0.0R4 Description: A directory traversal issue exists in the Web Manager FsTFtp functionality, allowing a specially crafted HTTP request to potentially overwrite FsTFtp files. This can be triggered by an...
PT-2021-14831 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma
Name of the Vulnerable Software and Affected Versions: Garrett Metal Detectors iC Module CMA version 5.0 Description: A stack-based buffer overflow issue exists in the CMA readfile function of the Garrett Metal Detectors iC Module. The iC Module provides an authenticated command-line interface ov...
PT-2021-22370 · Ibm · Ibm Spectrum Copy Data Management
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Copy Data Management versions 2.2.13 and earlier Description: The issue is related to weak authentication and password rules, and incorrect handling of default credentials for the Spectrum Copy Data Management Admin console...
PT-2021-16899 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify versions v8.0 through v9.2.4 Description: The issue is related to stored XSS due to an unrestricted file upload. This allows a user with the publisher role to inject malicious JavaScript via an uploaded html file. Recommendations: For...
CVE-2021-38593 affecting package qt5-qtsvg 5.12.11-4
CVE-2021-38593 affecting package qt5-qtsvg 5.12.11-4. A patched version of the package is available...
PT-2021-23751 · Unknown · Sourcecodester Simple Subscription Website
Name of the Vulnerable Software and Affected Versions: Sourcecodester Simple Subscription Website version 1.0 Description: A SQL Injection issue exists via the login, allowing potential exploitation. Recommendations: For version 1.0, consider disabling the login functionality until a patch is...