CVE-2024-9570

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit...

CVE-2024-33065 Improper Input Validation in Camera

Memory corruption while taking snapshot when an offset variable is set by camera driver...

PT-2024-25103

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description There is a memory corruption issue that occurs when taking a snapshot, specifically when a camera driver sets an offset variable. This issue can potential...

CVE-2024-44674

CVE-2024-44674 affects the D-Link COVR-2600R with firmware FW101b05. The vulnerability arises in a function (sub_24E28) where HTTP_REFERER is obtained via an environment variable, which is controllable, and can be used as the value for src. This leads to a buffer overflow condition as described i...

CVE-2024-44674

D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub24E28, the HTTPREFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src...

Use Of Uninitialized Variable

github.com/golang-fips/openssl is vulnerable to Use of Uninitialized Variable. The vulnerability is due to improper handling of uninitialized buffer lengths in FIPS mode, which can result in zeroed buffers being returned. This flaw allows an attacker to force false positive hash matches, send...

CVE-2024-37869

File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable...

CVE-2024-9483 Uninitialized variable in digital signiture verification may crash the application

A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature 24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing...

CVE-2024-37869

The CVE-2024-37869 entry describes a file upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0. A remote attacker can trigger arbitrary code execution via the poster.php handler, with the uploaded payload received through the $_FILES variable. The available references indica...

CVE-2024-37868

CVE-2024-37868 involves the Itsourcecode Online Discussion Forum Project v1.0 with a vulnerability in the sendreply.php file that accepts uploaded files via the $_FILES variable, enabling remote code execution. The issue is described with a high impact (C/H/I/A) and CVSS v3.1 score 8.8. Exploitat...

PT-2024-27797 · Unknown · Itsourcode Online Discussion Forum Project

Name of the Vulnerable Software and Affected Versions: Itsourcecode Online Discussion Forum Project version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the "poster.php" file. The uploaded file is received using the $ FILES variable. This enables the attacker ...

OpenTofu potential leaking of secret variable values when using static evaluation in v1.8

Impact Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and explicitly show errors. Workarounds Check that you are not using sensitive...

GHSA-WPR2-J6GR-PJW9 OpenTofu potential leaking of secret variable values when using static evaluation in v1.8

Impact Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and explicitly show errors. Workarounds Check that you are not using sensitive...

Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend

Impact Configuration supplied through APPCONFIG environment variables, for example APPCONFIGbackendlistenport=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret...

GHSA-QC4V-XQ2M-65WC Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend

Impact Configuration supplied through APPCONFIG environment variables, for example APPCONFIGbackendlistenport=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret...

PHP 8.1.x < 8.1.30 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.30, 8.2.x prior to 8.2.24, or 8.3.x prior to 8.3.12. It is, therefore, affected by multiple vulnerabilities: - Parameter injection vulnerability with a bypass of CVE-2024-4577...

Fedora 40 : php (2024-2b429e720e)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2b429e720e advisory. PHP version 8.3.12 26 Sep 2024 CGI: Fixed bug GHSA-p99j-rfp4-xqvq Bypass of CVE-2024-4577, Parameter Injection Vulnerability. CVE-2024-8926 nielsdos...

GHSA-3H3X-2HWV-HR52 Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

K000141300: Perl vulnerabilities CVE-2018-18314, CVE-2018-18313, CVE-2018-18312, CVE-2017-12883, and CVE-2017-12814

Security Advisory Description CVE-2018-18314 Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18313 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive informatio...