184269 matches found
PT-2025-53223
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of the ELF header buffer during kexec. Specifically, a superfluous vfree call within the crash load segments function's error pa...
PT-2022-27890 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered, which can be triggered via the limitSpeedUp parameter at the "/goform/SetClientState" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, avoid using...
PT-2024-11890
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel has been resolved, specifically in the btrfs qgroup, where a sleep function was called from an invalid context in btrfs qgroup inherit. This issue was reported ...
PT-2022-23624 · D Link · D-Link G Integrated Access Device4
Name of the Vulnerable Software and Affected Versions: D-Link - G integrated Access Device4 affected versions not specified Description: The issue concerns information disclosure and authorization bypass. It involves a file containing a URL with a private IP address and default username value...
PT-2022-26533 · Unknown · Deep-Parse-Json
Name of the Vulnerable Software and Affected Versions: deep-parse-json version 1.0.2 Description: The issue allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the proto...
PT-2022-6242 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A vulnerability was found in the Linux Kernel, classified as problematic. It affects the nilfs new inode function of the fs/nilfs2/inode.c file in the BPF component, leading to use aft...
PT-2022-23113
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue occurs when the mlir::tfg::GraphDefImporter::ConvertNodeDef function...
PT-2022-25272 · WordPress · Ali Khallad'S Contact Form By Mega Forms
Name of the Vulnerable Software and Affected Versions: Ali Khallad's Contact Form By Mega Forms plugin versions = 1.2.4 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with subscriber or higher privileges can inject malicious...
PT-2022-6040 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.15 through 5.19 before 5.19.2 Description: The issue is related to an out-of-bounds read in the Linux kernel's ksmbd subsystem, specifically in the fs/ksmbd/smb2misc.c file. This occurs when handling the SMB2 TREE...
PT-2022-6209 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.0 through 9.4.46 Eclipse Jetty versions 10.0.0 through 10.0.9 Eclipse Jetty versions 11.0.0 through 11.0.9 Description: The parsing of the authority segment of an http scheme URI in the Jetty HttpURI class improperl...
PT-2022-2325
Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.13.18 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.6 Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.0 Atlassian Jira Service Management Server...
PT-2022-7628 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the btrfs filesystem in the Linux kernel. When using the flushoncommit mount option, a warning is triggered during almost every transaction commit due t...
PT-2022-1628 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17-rc4 Description: A flaw in the kvm s390 guest sida op function in KVM for s390 in the Linux kernel allows a local attacker with normal user privileges to obtain unauthorized memory write access. This issue ...
PT-2022-1431 · Cisco · Cisco Ece
Name of the Vulnerable Software and Affected Versions: Cisco ECE affected versions not specified Description: A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. Thi...
PT-2021-24193 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.12.2 and earlier, 8.x versions prior to 8.0.1 Description: The issue allows authenticated SQL injection via the Tooltips action in the Project module, involving resource id and start date. This can be exploited by...
PT-2021-23973 · Jsx-Slack · Jsx-Slack
Name of the Vulnerable Software and Affected Versions: jsx-slack versions 4.5.1 and earlier Description: The issue is related to a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements into the tag with including multibyte characters, an internal regular...
PT-2021-8215 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0-rc4-syzkaller Description: The vulnerability is related to the MPTCP component in the Linux kernel, which can cause a NULL pointer dereference when deleting an endpoint. This can lead to a general...
PT-2021-7682 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free flaw was found in the Linux kernel’s Ext4 File System related to the overlay FS usage. This issue allows a local user to crash or potentially escalate their privileges...
PT-2021-7118 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15-rc1 Description: The issue is related to the io-workqueue implementation in the Linux kernel, which lacks protection of internal data. This can be exploited to cause a denial of service. A local user with...
PT-2021-8175 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a list corruption vulnerability in the Linux kernel's lpfc driver. When the driver attempts to pass requests to the adapter and fails, a local fail msg string i...
PT-2021-7654
Name of the Vulnerable Software and Affected Versions SonicWall Secure Remote Access SRA appliances versions 8.x through 9.0.0.9-26sv Description The issue is related to improper neutralization of a SQL command, leading to a SQL injection vulnerability. This vulnerability impacts end-of-life Secu...
PT-2024-11315 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 20798dfe249a Description: A NULL dereference vulnerability has been resolved in the Linux kernel. The issue occurs in the nfsd component, specifically in the nfs3svc encode getaclres function, where the dentry m...
PT-2021-7013 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue was found in the drm lease held function in drivers/gpu/drm/drm lease.c due to a race problem, allowing a local user privilege attacker to cause a denial of...
PT-2021-18305 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 Description: An attacker can cause a denial of service via a FPE runtime error in tf.raw ops.DenseCountSparseOutput. This is because the implementation...
PT-2021-7384 · Grub2 +2 · Grub2 +2
Name of the Vulnerable Software and Affected Versions: Grub2 versions prior to 2.06 Description: The issue is related to the implementation of the shim lock mechanism in Grub2, which is associated with incorrect cryptographic signature verification. This flaw allows an attacker to boot any kernel...
PT-2021-3888
Name of the Vulnerable Software and Affected Versions PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000, PM800 affected versions not specified Description The issue is related to insufficient authentication of executed requests, which could allow a remote attacker to...
PT-2020-7001
Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including...
PT-2020-4970 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.7.11 Description: A race condition exists between certain expand functions expand downwards and expand upwards and page-table free operations from an munmap call. This issue can be exploited to cause a denial ...
PT-2020-6924 · Bouncy Castle +1 · Bouncy Castle Bc C# .Net +3
Name of the Vulnerable Software and Affected Versions: Bouncy Castle BC Java versions 1.65 and earlier Bouncy Castle BC C .NET versions 1.8.6 and earlier Bouncy Castle BC-FJA versions 1.0.2.0 and earlier Bouncy Castle BC-FNA versions 1.0.1.0 and earlier Description: The issue is related to a timi...
PT-2020-3000 · Microsoft · Windows Codecs Library
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Codecs Library affected versions not specified Description: A remote code execution issue exists due to errors in handling objects in memory within the Microsoft Windows Codecs Library. This can be exploited by an attacker t...
PT-2020-12783 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.6.4 iTop versions prior to 2.7.0 Description: The issue concerns a stored XSS payload that can be exploited through a menu shortcut name in iTop. Recommendations: For versions prior to 2.6.4, update to version 2.6.4 o...
PT-2020-5392 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.13 Description: The issue is related to the VFIO PCI driver in the Linux kernel, which mishandles attempts to access disabled memory space. This can be exploited to cause a denial of service. Recommendations:...
PT-2020-12514 · Oauth2 Proxy · Oauth2 Proxy
Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions prior to 5.1.1 Description: The issue is related to an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This redirec...
PT-2020-6587
Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http2 versions prior to 4.1.61.Final Description: The issue is related to a lack of proper validation of the content-length header in HTTP/2 requests. If a request only uses a single Http2HeaderFrame with the endStream se...
PT-2019-5140 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.12 Description: The issue is related to a race condition in the XENMEM exchange component of the Xen hypervisor, which arose due to improper synchronization when accessing shared resources. This allows an attacker to...
PT-2017-3944
Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2k OpenSSL versions 1.1.0 through 1.1.0d MySQL Server versions 5.6.35 and earlier MySQL Server versions 5.7.18 and earlier Description The issue is related to an out-of-bounds read in the OpenSSL library when...
PT-2022-24411 · Phpipam +1 · Phpipam +1
Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.0 Description: A vulnerability has been found in phpipam, allowing for cross site scripting through the manipulation of an unknown functionality in the file app/admin/import-export/import-load-data.php of the...
PT-2026-42782
Name of the Vulnerable Software and Affected Versions idna affected versions not specified Description The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For instance, ToUnicode"xn--example-.com" returns "example.com" instead of an...
PT-2015-6138 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.1.6 Description: The issue allows local users to gain privileges by triggering an NMI within a certain instruction window due to improper reliance on espfix64 during nested NMI processing in arch/x86/entry/ent...
PT-2009-11: SlySoft Multiple Products ElbyCDIO.sys Denial of Service
Vulnerability Description Positive Technologies Research Team has discovered multiple memory corruption vulnerabilities in SlySoft products. The IOCTL handler in ElbyCDIO.sys 6.0.2.0 and earlier, shipped with AnyDVD, Virtual CloneDrive, CloneDVD and CloneCD, uses the METHODNEITHER communication...
PT-2005-2726 · Oracle +1 · Javamail Api +1
Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. It is worth noting that Sun and Apache dispute this issue, with Sun...
PT-2004-2559 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program suc...
PT-2026-56009
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...
PT-2026-55615
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites. Th...
PT-2026-55632
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper access control allows an unauthorized attacker to perform spoofing over a network. Spoofing is a technique where a person or program successfully masquerades as...
PT-2026-55464
Name of the Vulnerable Software and Affected Versions kerberos-io/agent versions prior to 3.6.26 Description An issue exists in the Kerberos Hub upload path where the agent sends credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the...
PT-2026-55231
Name of the Vulnerable Software and Affected Versions UniFi Connect Application versions prior to 3.4.17 Description An improper access control flaw exists in the UniFi Connect Application. A malicious actor with network access can exploit this issue to execute arbitrary commands on the host devi...
PT-2026-55418
Summary When MySQL or PostgreSQL service bindings from VCAP SERVICES include TLS client credentials, the Connectors library writes those credentials to temporary files in Path.GetTempPath using File.CreateText. On Linux, File.CreateText creates files with mode 0644 world-readable under the proces...
PT-2026-55248
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...
PT-2026-54519
Name of the Vulnerable Software and Affected Versions buffa affected versions not specified Description The buffa protobuf decoder contains a memory-amplification issue. A malformed message can cause the library to consume up to 22 times the expected amount of RAM, leading to a denial of service...