frozen 代码问题漏洞

frozen is an open source JSON parser and generator for C/C++ from Cesanta Software. A code issue exists in frozen versions prior to 1.7, which is caused by a null pointer dereference. An attacker exploiting this vulnerability could trigger a crash of a component embedded in the library by providi...

D-Link DIR-816A2 form2PortriggerRule.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control in the form2PortriggerRule.cgi component, which can be exploited by an unauthenticated attacker to set a port trigger via a...

CVE-2023-37017

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an S1Setup Request message missing a required Global eNB ID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37007

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Cancel message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37009

Open5GS MME versions

CVE-2023-37013

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the ogssctprecvmsg routine to reach an unexpected network state and crash, leading to...

CVE-2023-37012

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message message missing a required PLMN Identity field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37014

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37004

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial Context Setup Response message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2024-10936

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

The vulnerability of the Next.js software platform for creating web applications, related to unlimited resource distribution, allows attackers to trigger service failures.

The vulnerability of the Next.js software platform for creating web applications is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

AZL-55815 CVE-2025-24014 affecting package vim for versions less than 9.1.0791-3

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode -s -e, Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui...

The vulnerability of the CGI script form2PortriggerRule.cgi of the D-Link DIR-816A2 router’s microprogramming system allows a hacker to execute arbitrary code.

The vulnerability of the CGI script form2PortriggerRule.cgi of the D-Link DIR-816A2 router’s microprogramming system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted POST request...

CVE-2024-57910

In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the vcnl4035 driver failing to initialize the buffer array in the trigger buffer, resulting in the push of...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the bh1745 driver not initializing the scan structure in the trigger buffer, resulting in uninitialized data...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ti-ads8688 driver failing to initialize the buffer array in the trigger buffer, resulting in uninitializ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the kmx61 driver failing to initialize the buffer array in the trigger buffer, resulting in uninitialized da...

CVE-2024-57680

An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2FWv1.10CNB05R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request...

CVE-2024-57680

An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2FWv1.10CNB05R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request...