PT-2024-30174 · Trendnet · Trendnet Tew-752Dru
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-752DRU version 1.03B01
Description: The issue is due to a lack of length verification for the service field in gena.cgi, leading to a buffer overflow. This can cause the remote target device to crash or allow attackers to execute...
PT-2024-1046 · Mattermost +2 · Mattermost +3
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.13 through 16.5.6; GitLab CE/EE versions 16.6 through 16.6.4; GitLab CE/EE versions 16.7 through 16.7.2
Description: The issue is related to incorrect authorization checks in GitLab, allowing a user to abuse...
PT-2019-6018 · Schneider Electric · Modicon Bmxnor0200
Name of the Vulnerable Software and Affected Versions: Modicon BMXNOR0200H all firmware versions
Description: The issue is related to improper access control, which could allow unauthorized users to execute commands when using the IEC 60870-5-104 protocol. This could potentially enable a remote...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make a victim's browser send HTTP request...