4527 matches found
CVE-2024-24334
A heap buffer overflow occurs in dfsv2 dfsfile in RT-Thread through 5.0.2...
CVE-2024-25394
The CVE-2024-25394 issue affects RT-Thread RTOS up to version 5.0.2, specifically in utilities/ymodem/ry_sy.c, caused by an incorrect sprintf call or a missing '\0'. The buffer overflow is documented across multiple sources (NVD/Red Hat/OSV/CVE records) with no public exploit details provided in ...
CVE-2024-25388
drivers/wlan/wlanmgmt.c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow...
RT-Thread security vulnerability
RT-Thread is an open source IoT real-time operating system (RTOS) from RT-Thread Open Source. A security vulnerability exists in RT-Thread version 5.0.2, which stems from a heap-based buffer overflow in drivers/wlan/wlanmgmt.c. The vulnerability is caused by the presence of a heap-based buffer...
RT-Thread security vulnerability
RT-Thread is an open source IoT real-time operating system (RTOS) from RT-Thread Open Source. A security vulnerability exists in RT-Thread version 5.0.2, which stems from an out-of-bounds access in utilities/varexport/varexport.c. The vulnerability is caused by an out-of-bounds access in...
CVE-2024-25389
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calcrandom in drivers/misc/rtrandom.c...
CVE-2024-25392
An out-of-bounds access occurs in utilities/varexport/varexport.c in RT-Thread through 5.0.2...
CVE-2024-25395
A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2...
CVE-2024-28034
A cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping use of Mini Thread Version 3.33βi...
CVE-2024-28034
The CVE-2024-28034 entry describes a cross-site scripting (CWE-79) vulnerability in Mini Thread Version 3.33βi. An arbitrary script could be executed in the browser of users visiting a site that uses this product. The focal product is Mini Thread 3.33βi; the root cause and exact vulnerable compon...
Mini Thread vulnerable to cross-site scripting
Overview: Mini Thread, provided by Flash CGI (according to the original report submitted by the reporter), is a CGI script for creating a bulletin board system (BBS). Mini Thread contains a cross-site scripting vulnerability (CWE-79). During the meeting of Committee for authorizing the disclosure of...
PT-2024-22226 · Unknown · Mini Thread
Name of the Vulnerable Software and Affected Versions: Mini Thread version 3.33βi Description: A cross-site scripting issue exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users are...
CVE-2024-28243
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...
JVN#40523785: Mini Thread vulnerable to cross-site scripting
Mini Thread, provided by Flash CGI (according to the original report submitted by the reporter), is a CGI script for creating a bulletin board system (BBS). Mini Thread contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user...
PT-2024-11188 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when the hardware register containing the server TID base holds invalid values, which can occur when the adapter is in a bad state, such as after an AER fatal error...
Exploit for CVE-2023-22622
DoS WP-Cron - CVE-2023-22622 Exploit PoC Overview This re...