102 matches found
PT-2024-34196 · Cloudways · Cloudways Breeze
Name of the Vulnerable Software and Affected Versions: Cloudways Breeze versions 2.1.14 and earlier Description: The issue is related to a Missing Authorization vulnerability in Cloudways Breeze, which allows exploitation due to incorrectly configured access control security levels...
PT-2024-9615
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10 Description A vulnerability has been identified in the gst wavparse smpl chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of...
PT-2024-9202 · Libjxl +5 · Libjxl +5
Name of the Vulnerable Software and Affected Versions: LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99 libjpeg affected versions not specified libmozjs-115-0-115.15.0-4.1 libmozjs-128-0-128.5.1-3.1 libjxl-devel-0.11.1-1.1 qt6-webengine Description: An out-of-bounds...
PT-2024-2579 · Cisco · Cisco Ios Xe +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS and Cisco IOS XE affected versions not specified Description: The issue is related to the incorrect handling of LISP packets, which could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in ...
PT-2024-23088 · Kerlink +1 · Kerlink Firewall +2
Name of the Vulnerable Software and Affected Versions: ChirpStack chirpstack-mqtt-forwarder versions 4.2.0 and earlier ChirpStack chirpstack-gateway-bridge versions 4.0.10 and earlier Description: The Kerlink firewall in ChirpStack wrongly accepts certain TCP packets when a connection is not in t...
PT-2024-2124 · Adobe · Acrobat Reader +4
Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30539 through 23.008.20470 and earlier Adobe Acrobat 2020 and earlier Adobe Acrobat Reader Document Cloud versions prior to the fixed version Adobe Acrobat Document Cloud versions prior to the fixed version...
Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
Overview Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
PT-2023-28380 · Unknown · Onsinview2
Name of the Vulnerable Software and Affected Versions: OnSinView2 versions 2.0.1 and earlier Description: An issue with improper restriction of operations within the bounds of a memory buffer exists. If exploited, this could lead to information disclosure or the execution of arbitrary code by...
PT-2023-20706 · Paul Kehrer · Updraft
Name of the Vulnerable Software and Affected Versions: Paul Kehrer Updraft plugin versions = 0.6.1 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal use...
PT-2023-24313 · Suprema · Suprema Biostar 2
Name of the Vulnerable Software and Affected Versions: Suprema BioStar 2 versions prior to 2.9.1 Description: A path traversal issue exists, allowing unauthenticated attackers to fetch arbitrary files from the server's web server. Recommendations: For Suprema BioStar 2 versions prior to 2.9.1,...
PT-2023-18223 · Samsung · Exynos
Name of the Vulnerable Software and Affected Versions: Exynos baseband versions prior to SMR Mar-2023 Release 1 Description: The issue is related to improper authorization implementation, which leads to incorrect handling of unencrypted messages. Recommendations: For versions prior to SMR Mar-202...
PT-2023-12900 · Cvat · Cvat
Name of the Vulnerable Software and Affected Versions: CVAT versions prior to 2.0.1 Description: The issue allows an authenticated user to potentially enable information disclosure via network access due to server-side request forgery. Recommendations: For versions prior to 2.0.1, update to versi...
SA40166 - Remote desktop protocol (RDP) client restriction bypass issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue was discovered in the PCS Terminal Services Remote Desktop Protocol RDP client session restrictions feature. By exploiting this issue a malicious authenticated user...
PT-2023-34148 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: A refcount leak was discovered in the f hid gadget of the Linux Kernel. The issue was introduced in version v3.19 and is fixed in version v5.15.86. The actual impact and attack plausibility...
Multiple vulnerabilities in PIXELA PIX-RT100
Overview PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Backdoor access issue CWE-912 - CVE-2023-22316 MASAHIRO IIDA of LAC Co.,Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the develop...
PT-2022-5907 · Schneider Electric · Apc Easy Ups Online Monitoring +1
Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261 Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS Schneider Electric...
PT-2022-14638 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a possible out of bounds write in the avdt msg asmbl function of avdt msg.cc due to a missing bounds check. This could lead to remote code execution over...
PT-2022-26650 · Bentley · Bentley Microstation +1
Name of the Vulnerable Software and Affected Versions: Bentley MicroStation versions prior to 10.17.01.58 Bentley View versions prior to 10.17.01.19 Description: The issue concerns out-of-bounds read and stack overflow problems that occur when opening crafted SKP files. This could lead to...
PT-2022-5197 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 19.1R3-S9 Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6 Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S7 Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S7, 19.4R3-S9...
PT-2022-34259 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.22 through 5.4.210 Description: A divide-by-zero bug was found in the ark set pixclock function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions 2.6.22...