
1147 matches found

Positive Technologies
added 2024/01/10 12:0 a.m. · 5 views

PT-2024-14341 · Tenda · Tenda Ax1803

Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1. Description: The issue is related to a stack overflow that can occur via the iptv.city.vlan parameter in the formSetIptv function. Recommendations: For Tenda AX1803 version 1.0.0.1, as a temporary workaround,...

9.8 CVSS · 9.4 AI score · 0.00243 EPSS
Exploits 1 · References 3
OSV
added 2024/01/09 1:15 a.m. · 1 views

AZL-33284 CVE-2024-21646 affecting package azure-iot-sdk-c for versions less than 2022.01.21-2

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remo...

9.8 CVSS · 6.1 AI score · 0.02557 EPSS
Exploits 0 · References 1
Debian CVE
added 2024/01/09 12:4 a.m. · 22 views

CVE-2024-21646

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remo...

9.8 CVSS · 8.7 AI score · 0.02557 EPSS
Exploits 0
Openbugbounty
added 2023/12/28 6:15 p.m. · 6 views

charcutiers-traiteurs-yonne.fr Improper Access Control vulnerability OBB-3824350

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0
Rapid7 Blog
added 2023/12/14 6:25 p.m. · 23 views

NIST SP 800-53 Rev. 5 Updates: What You Need to Know About The Most Recent Patch Release (5.1.1)

On November 7th, the National Institute of Standards and Technology (NIST) issued an update to SP 800-53, a NIST-curated catalog of controls that organizations can implement to effectively manage security and privacy risk. In this blog we’ll cover the new and updated controls within patch release...

7.1 AI score
Exploits 0
Positive Technologies
added 2023/12/05 12:0 a.m. · 4 views

PT-2023-7977 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.4-RELEASE through 12.4-RELEASE-p8; FreeBSD versions 13.2-RELEASE through 13.2-RELEASE-p6; FreeBSD versions 14.0-RELEASE through 14.0-RELEASE-p1. Description: The pf(4) packet filter in FreeBSD incorrectly validates TCP sequence...

7.8 CVSS · 7.5 AI score · 0.00255 EPSS
Exploits 0 · References 12
Debian CVE
added 2023/11/16 10:50 p.m. · 58 views

CVE-2023-48235

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interactio...

4.3 CVSS · 6.4 AI score · 0.00044 EPSS
Exploits 0
Japan Vulnerability Notes
added 2023/11/13 8:28 a.m. · 6 views

Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)

Overview Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a link following...

7.8 CVSS · 6.8 AI score · 0.0008 EPSS
Exploits 0 · References 25
PyPA
added 2023/10/25 9:15 p.m. · 4 views

PYSEC-2023-224

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

5.3 CVSS · 6.9 AI score · 0.00609 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2023/10/25 6:17 p.m. · 4 views

AZL-32107 CVE-2023-46118 affecting package rabbitmq-server for versions less than 3.11.24-1

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API...

4.9 CVSS · 7 AI score · 0.00315 EPSS
Exploits 0 · References 1
NCSC
added 2023/10/19 12:0 a.m. · 2 views

Vulnerability fixed in Oracle Supply Chain

Oracle has fixed a vulnerability in Agile PLM. A malicious party could exploit the vulnerability to obtain sensitive information or full access to all data accessible to Oracle Agile PLM. Oracle has fixed the vulnerability in the following product: - Oracle Agile PLM...

7.5 CVSS · 7.2 AI score · 0.00275 EPSS
Exploits 0
Talos
added 2023/10/11 12:0 a.m. · 37 views

Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.020221108. A...

9.8 CVSS · 9.7 AI score · 0.00318 EPSS
Exploits 0
Talos
added 2023/10/11 12:0 a.m. · 21 views

Yifan YF325 httpd nvram.cgi authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability October 11, 2023 CVE Number CVE-2023-24479 SUMMARY An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...

9.8 CVSS · 9.7 AI score · 0.00078 EPSS
Exploits 0
NVD
added 2023/10/04 9:15 p.m. · 10 views

CVE-2023-44389

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...

4.8 CVSS · 4.3 AI score · 0.00372 EPSS
Exploits 0 · References 3
Japan Vulnerability Notes
added 2023/09/26 2:30 a.m. · 3 views

Trend Micro Mobile Security vulnerable to cross-site scripting

Overview Trend Micro Incorporated has released a security update for Trend Micro Mobile Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A cross-site scripting attack may be conducted if a user who is logged in to the...

6.1 CVSS · 6.1 AI score · 0.00289 EPSS
Exploits 0 · References 9
Cvelist
added 2023/08/31 3:29 p.m. · 11 views

CVE-2023-31167 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL...

5 CVSS · 8.3 AI score · 0.00093 EPSS
Exploits 0 · References 2
OSV
added 2023/08/14 5:22 a.m. · 7 views

SUSE-SU-2023:3300-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 bsc1213905: - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. -...

8.8 CVSS · 8.3 AI score · 0.0116 EPSS
Exploits 1 · References 20
NVD
added 2023/08/08 7:15 p.m. · 16 views

CVE-2023-39533

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

7.5 CVSS · 7.4 AI score · 0.00126 EPSS
Exploits 1 · References 8
OSV
added 2023/08/08 6:50 p.m. · 23 views

CVE-2023-39533 libp2p nodes vulnerable to attack using large RSA keys

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

7.5 CVSS · 7.6 AI score · 0.00126 EPSS
Exploits 1 · References 10
CISA
added 2023/08/02 12:0 p.m. · 7 views

Ivanti Releases Security Updates for EPMM to address CVE-2023-35081

Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability allows an authenticated attacker to write arbitrary files with the operating system privileges of th...

10 CVSS · 7.3 AI score · 0.94438 EPSS
In wild · Exploits 14 · References 5