973 matches found
Malicious code in topic-viewer (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-3146 Malicious code in topic-viewer (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-38952
CVE-2024-38952: PX4-Autopilot v1.14.3 has a buffer overflow in the logger component via the topic_name parameter in /logger/logged_topics.cpp. The CVSS 3.1 vector indicates exploitability is NETWORK, with no privileges or user interaction required, and an impact on availability only (I:N; A:H). ...
PX4 Drone Autopilot Security Vulnerability
PX4 Drone Autopilot is an open-source drone autopilot from PX4 Autopilot for Drones. A security vulnerability exists in PX4 Drone Autopilot version v1.14.3: a buffer overflow via the topic_name parameter in /logger/logged_topics.cpp...
CVE-2024-35512
hmq v1.5.5 is vulnerable to Denial of Service (DoS) due to a Null Pointer Exception. A remote attacker can trigger a broker crash by sending a specially crafted MQTT UNSUBSCRIBE packet with an illegal control character Topic. The failure to properly validate this field leads to a null pointer...
Silverstripe Forum Module CSRF Vulnerability
A number of form actions in the Forum module are directly accessible. A malicious user (e.g. a spammer) can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting i...
PT-2024-40494 · Unknown · Forum Module
Name of the Vulnerable Software and Affected Versions: Forum module (affected versions not specified). Description: The issue allows malicious users, such as spammers, to create members and post to forums using GET requests, bypassing CSRF and anti-spam measures. Additionally, a forum moderator can ...
CVE-2024-33122
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...
PT-2024-25124 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6. Description: The issue is related to a SQL injection vulnerability. This vulnerability occurs via the topic parameter in the list function. Recommendations: For Roothub version 2.6, consider restricting the use of the list...
Roothub Security Vulnerability
Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.6, which was discovered to contain an SQL injection vulnerability via the topic parameter in the list function...
CVE-2024-33122
CVE-2024-33122 affects Roothub v2.6. A SQL injection vulnerability exists in the list() function via the topic parameter, caused by unsafe SQL construction. CVSS 3.1 base score 6.3 (Medium) with Low impact across confidentiality, integrity, and availability. No exploit details are provided in th...
GHSA-XCHQ-W5R3-4WG3 vyper performs incorrect topic logging in raw_log
Summary: Incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log were found at all in production; it is apparently not ...
CVE-2024-32645 vyper performs incorrect topic logging in raw_log
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...
Vyper Security Vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.3.10 and earlier, which stems from incorrect logging of topics in raw_log, and could lead to unexpected behavior in client applications that rely on these logs...
NanoMQ Security Vulnerability
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open-sourced by EMQ Technologies, USA. A security vulnerability exists in NanoMQ version 0.21.7, which stems from a null pointer dereference in the topic_filtern function in the file mqtt_parser.c. The vulnerability c...
CVE-2024-31219 Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page
Discourse-reactions is a plugin that allows users to add their reactions to a post. When whispers are enabled on a site via whispers_allowed_groups and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the /u/:username/activity/reaction...
PT-2024-11934 · Mqtt · Mqtt
Name of the Vulnerable Software and Affected Versions: MQTT (affected versions not specified). Description: An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands, and firmware updates...