CVE-2025-8949

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function getpingappstat of the file pingresponse.cgi of the component httpd. The manipulation of the argument pingipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2025-8949

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function getpingappstat of the file pingresponse.cgi of the component httpd. The manipulation of the argument pingipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2025-8949

CVE-2025-8949 concerns a stack-based buffer overflow in D-Link DIR-825 v2.10, affecting the httpd component’s ping_response.cgi function get_ping_app_stat. The vulnerability stems from unsafely handling the ping_ipaddr argument, enabling a remote attacker to overflow a stack buffer. Public disclo...

CVE-2025-8949 D-Link DIR-825 httpd ping_response.cgi get_ping_app_stat stack-based overflow

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function getpingappstat of the file pingresponse.cgi of the component httpd. The manipulation of the argument pingipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The...

Linux Distros Unpatched Vulnerability : CVE-2019-11190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in...

Linux Distros Unpatched Vulnerability : CVE-2022-49436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: Fix leaking nvdimmeventsmap elements Right now 'char ' elements allocated f...

Linux Distros Unpatched Vulnerability : CVE-2020-36785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomispalloccssstatbufs The s3abuf is freed along with...

Linux Distros Unpatched Vulnerability : CVE-2025-21898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ftrace: Avoid potential division by zero in functionstatshow Check whether denominator expression x x - 1 1000 mod 2^32, 2^64 produce zero and skip stddev...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup bsc1237913. CVE-2024-58053: rxrpc: Fix handling of received connection abort bsc1238982...

Asrmicro ASR Series 安全漏洞

Asrmicro ASR Series is a series of chips from Avantage Technology Asrmicro, a Chinese company. A security vulnerability exists in Asrmicro ASR Series, which originates from an improper resource release in the trafficservice.C file in the trafficstat module, which could lead to a resource leak...

SUSE CVE-2022-50174

In the Linux kernel, the following vulnerability has been resolved: net: hinic: avoid kernel hung in hinicgetstats64 When using hinic device as a bond slave device, and reading device stats of master bond device, the kernel may hung. The kernel panic calltrace as follows: Kernel panic - not...

CVE-2021-24167

When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...

CVE-2011-4917

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...

CVE-2002-2245

ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...

CVE-2002-2044

Cross-site scripting XSS vulnerability in xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action...

WordPress Geocache Stat Bar Widget plugin <= 0.911 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Geocache Stat Bar Widget versions = 0.911...

CVE-2024-11266

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-11266

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-11266

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-11266 Geocache Stat Bar Widget <= 0.911 - Admin+ Stored XSS

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...