23 matches found
Espressif ESP-IDF 数字错误漏洞
Espressif ESP-IDF is an IoT development framework developed by Espressif, a Chinese company. Versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6 of Espressif ESP-IDF contain numerical error vulnerabilities. These vulnerabilities stem from integer underflow during the processing ofEAP-WSC packets in th...
CVE-2023-52334
Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-52333
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...
CVE-2023-51648
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...
CVE-2023-51642
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-51641
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-52334
CVE-2023-52334 concerns Allegra’s downloadAttachmentGlobal path handling. The vulnerability stems from insufficient validation of a user-supplied path before file operations, enabling directory traversal and potential disclosure of stored credentials. Multiple connected sources (NVD/NVD mirror, Z...
CVE-2023-52334 Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability
Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-52333 Allegra saveFile Directory Traversal Remote Code Execution Vulnerability
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...
CVE-2023-52333 Allegra saveFile Directory Traversal Remote Code Execution Vulnerability
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...
CVE-2023-51648
CVE-2023-51648 affects Allegra, via the getFileContentAsString method which is vulnerable to directory traversal information disclosure. The root cause is improper validation of a user-supplied path used in file operations, enabling disclosure of sensitive data including stored credentials. Some ...
CVE-2023-51648 Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...
CVE-2023-51642
CVE-2023-51642 involves Allegra’s loadFieldMatch deserialization, where untrusted data is deserialized due to improper input validation. This leads to remote code execution in the LOCAL SERVICE context. Attack requires authentication, but Allegra’s registration mechanism can create a user with su...
CVE-2023-51642 Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...
CVE-2024-32879
Python Social Auth Django contains a vulnerability (CVE-2024-32879) where third-party authentication user IDs are not case-sensitive due to the database collation before version 5.4.1, allowing mismatched IDs to be treated as equal. The issue is mitigated by upgrading to 5.4.1, which fixes the im...
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a new user with a sufficient privilege...
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specif...
Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. Th...