PT-2022-34336 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.257 Description: The issue concerns a NULL pointer dereference in the steam_recv_report and steam_send_report functions. This problem was introduced in version v4.18 and is fixed in Linux Kernel version...
PT-2022-33884 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61 Description: A potential memory leak issue exists in the mt76x02u_mcu_send_msg function of the mt76x02u driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
SAMSUNG Mobile devices resource management error vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from Samsung of South Korea. A resource management error vulnerability exists in the SMR Sep-2022 Release 1 version of SAMSUNG Mobile devices, which stems from a use-after-free vulnerability in the...
SQL injection
Tabit - arbitrary SMS send on Tabit's behalf. The resend OTP API of Tabit allows an adversary to send messages on Tabit's behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage. We can use that API to craft malicious messages to any user of the...
CVE-2022-34771 Tabit - arbitrary SMS send on Tabit's behalf
Tabit - arbitrary SMS send on Tabit's behalf. The resend OTP API of Tabit allows an adversary to send messages on Tabit's behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage. We can use that API to craft malicious messages to any user of the...
CVE-2022-34771
CVE-2022-34771 concerns Tabit’s resend OTP API, which accepts parameters including a phone number and a CustomMessage. The connected sources describe an adversary being able to send messages on Tabit’s behalf to any registered user, potentially enabling template injection (e.g., using {{OTP}} in ...
FusionPBX command injection vulnerability
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A security vulnerability exists in FusionPBX version 5.0.1, which originates from a command...
PT-2022-22603 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX version 5.0.1 Description: A command injection issue was found in FusionPBX via the /fax/fax_send.php endpoint. This allows for potential command execution. Recommendations: For FusionPBX version 5.0.1, update to a version that...
Fedora: Security Advisory for rust-ffsend (FEDORA-2022-dfa24fa7d4)
The remote host is missing an update for the... Copyright (C) 2022 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later
[SECURITY] Fedora 35 Update: rust-ffsend-0.2.71-3.fc35
Easily and securely share files from the command line. A fully featured Firefox Send client...
[SECURITY] Fedora 36 Update: rust-ffsend-0.2.76-2.fc36
Easily and securely share files from the command line. A fully featured Send client...
VulnCheck KEV: CVE-2022-29303
SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server...
audio_aligner_app path traversal vulnerability
audio_aligner_app is a Kaldi-based text alignment web application open-sourced by LongmaoTeamTf. audio_aligner_app 2020-01-10 and earlier versions contain a path traversal vulnerability that stems from Flask's send_file function failing to properly filter resources or file paths, which can be exploited...
equanimity path traversal vulnerability
equanimity is a world-building game by A. F. Dudley, a solo developer with an emphasis on squad-based turn-based combat and balance. equanimity 2014-04-23 and earlier versions are vulnerable to a path traversal vulnerability that stems from a failure of Flask's send_file function to properly filte...
CVE-2022-30752
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action...
CVE-2022-31587
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31576
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31586
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...