184315 matches found
PT-2025-25967 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-rc6+ Description: A vulnerability in the Linux kernel has been resolved, which was causing a call trace with a null VSI during VF reset. The issue occurred during stress tests with attaching and detaching...
PT-2023-16126 · WordPress · Mega Addons For Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: Mega Addons For WPBakery Page Builder WordPress plugin versions prior to 4.3.0 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...
PT-2023-19396 · Sourcecodester · Ac Repair/Services System
Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue was found in the system, affecting the file /admin/services/view service.php. The manipulation of the id argument leads to SQL injection. It is possible to...
PT-2023-4888
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M2 through 11.0.0-M4 Apache Tomcat versions 10.1.5 through 10.1.7 Apache Tomcat versions 9.0.71 through 9.0.73 Apache Tomcat versions 8.5.85 through 8.5.87 Bamboo Data Center and Server version 8.1.12 and later,...
PT-2023-13393 · Dell · Dell Precision Bios +1
Name of the Vulnerable Software and Affected Versions: Dell PowerEdge BIOS affected versions not specified Dell Precision BIOS affected versions not specified Description: The issue is related to an Improper SMM communication buffer verification vulnerability. A local malicious user with high...
PT-2023-12689 · Red Hat · Keycloak Node.Js Adapter
Name of the Vulnerable Software and Affected Versions: Keycloak Node.js Adapter affected versions not specified Description: A flaw was found in the Keycloak Node.js Adapter, allowing an attacker to benefit from an Open Redirect vulnerability in the checkSso function. This issue is also present...
PT-2023-14585 · WordPress · The Real Cookie Banner
Name of the Vulnerable Software and Affected Versions: The Real Cookie Banner WordPress plugin versions prior to 3.4.10 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. This is due to the plugin not...
PT-2025-53223
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of the ELF header buffer during kexec. Specifically, a superfluous vfree call within the crash load segments function's error pa...
PT-2022-27890 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered, which can be triggered via the limitSpeedUp parameter at the "/goform/SetClientState" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, avoid using...
PT-2024-11890
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel has been resolved, specifically in the btrfs qgroup, where a sleep function was called from an invalid context in btrfs qgroup inherit. This issue was reported ...
PT-2022-26533 · Unknown · Deep-Parse-Json
Name of the Vulnerable Software and Affected Versions: deep-parse-json version 1.0.2 Description: The issue allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the proto...
PT-2022-6242 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A vulnerability was found in the Linux Kernel, classified as problematic. It affects the nilfs new inode function of the fs/nilfs2/inode.c file in the BPF component, leading to use aft...
PT-2022-23113
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue occurs when the mlir::tfg::GraphDefImporter::ConvertNodeDef function...
PT-2022-25272 · WordPress · Ali Khallad'S Contact Form By Mega Forms
Name of the Vulnerable Software and Affected Versions: Ali Khallad's Contact Form By Mega Forms plugin versions = 1.2.4 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with subscriber or higher privileges can inject malicious...
PT-2022-6040 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.15 through 5.19 before 5.19.2 Description: The issue is related to an out-of-bounds read in the Linux kernel's ksmbd subsystem, specifically in the fs/ksmbd/smb2misc.c file. This occurs when handling the SMB2 TREE...
PT-2022-6209 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.0 through 9.4.46 Eclipse Jetty versions 10.0.0 through 10.0.9 Eclipse Jetty versions 11.0.0 through 11.0.9 Description: The parsing of the authority segment of an http scheme URI in the Jetty HttpURI class improperl...
PT-2022-2325
Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.13.18 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.6 Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.0 Atlassian Jira Service Management Server...
PT-2022-7628 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the btrfs filesystem in the Linux kernel. When using the flushoncommit mount option, a warning is triggered during almost every transaction commit due t...
PT-2022-1628 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17-rc4 Description: A flaw in the kvm s390 guest sida op function in KVM for s390 in the Linux kernel allows a local attacker with normal user privileges to obtain unauthorized memory write access. This issue ...
PT-2022-1431 · Cisco · Cisco Ece
Name of the Vulnerable Software and Affected Versions: Cisco ECE affected versions not specified Description: A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. Thi...
PT-2021-24193 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.12.2 and earlier, 8.x versions prior to 8.0.1 Description: The issue allows authenticated SQL injection via the Tooltips action in the Project module, involving resource id and start date. This can be exploited by...
PT-2021-23973 · Jsx-Slack · Jsx-Slack
Name of the Vulnerable Software and Affected Versions: jsx-slack versions 4.5.1 and earlier Description: The issue is related to a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements into the tag with including multibyte characters, an internal regular...
PT-2021-8215 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0-rc4-syzkaller Description: The vulnerability is related to the MPTCP component in the Linux kernel, which can cause a NULL pointer dereference when deleting an endpoint. This can lead to a general...
PT-2021-7682 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free flaw was found in the Linux kernel’s Ext4 File System related to the overlay FS usage. This issue allows a local user to crash or potentially escalate their privileges...
PT-2021-7118 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15-rc1 Description: The issue is related to the io-workqueue implementation in the Linux kernel, which lacks protection of internal data. This can be exploited to cause a denial of service. A local user with...
PT-2021-22011
Name of the Vulnerable Software and Affected Versions: LiderAhenk software Lider module versions 2.1.15 and below Description: The issue is related to the Lider module in LiderAhenk software, where configurations are leaked via an unsecured API. An attacker with access to the configurations API...
PT-2021-8175 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a list corruption vulnerability in the Linux kernel's lpfc driver. When the driver attempts to pass requests to the adapter and fails, a local fail msg string i...
PT-2021-7654
Name of the Vulnerable Software and Affected Versions SonicWall Secure Remote Access SRA appliances versions 8.x through 9.0.0.9-26sv Description The issue is related to improper neutralization of a SQL command, leading to a SQL injection vulnerability. This vulnerability impacts end-of-life Secu...
PT-2024-11315 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 20798dfe249a Description: A NULL dereference vulnerability has been resolved in the Linux kernel. The issue occurs in the nfsd component, specifically in the nfs3svc encode getaclres function, where the dentry m...
PT-2021-7013 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue was found in the drm lease held function in drivers/gpu/drm/drm lease.c due to a race problem, allowing a local user privilege attacker to cause a denial of...
PT-2021-18305 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 Description: An attacker can cause a denial of service via a FPE runtime error in tf.raw ops.DenseCountSparseOutput. This is because the implementation...
PT-2021-7384 · Grub2 +2 · Grub2 +2
Name of the Vulnerable Software and Affected Versions: Grub2 versions prior to 2.06 Description: The issue is related to the implementation of the shim lock mechanism in Grub2, which is associated with incorrect cryptographic signature verification. This flaw allows an attacker to boot any kernel...
PT-2021-3888
Name of the Vulnerable Software and Affected Versions PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000, PM800 affected versions not specified Description The issue is related to insufficient authentication of executed requests, which could allow a remote attacker to...
PT-2020-7001
Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including...
PT-2020-4970 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.7.11 Description: A race condition exists between certain expand functions expand downwards and expand upwards and page-table free operations from an munmap call. This issue can be exploited to cause a denial ...
PT-2020-6924 · Bouncy Castle +1 · Bouncy Castle Bc C# .Net +3
Name of the Vulnerable Software and Affected Versions: Bouncy Castle BC Java versions 1.65 and earlier Bouncy Castle BC C .NET versions 1.8.6 and earlier Bouncy Castle BC-FJA versions 1.0.2.0 and earlier Bouncy Castle BC-FNA versions 1.0.1.0 and earlier Description: The issue is related to a timi...
PT-2020-3000 · Microsoft · Windows Codecs Library
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Codecs Library affected versions not specified Description: A remote code execution issue exists due to errors in handling objects in memory within the Microsoft Windows Codecs Library. This can be exploited by an attacker t...
PT-2020-12783 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.6.4 iTop versions prior to 2.7.0 Description: The issue concerns a stored XSS payload that can be exploited through a menu shortcut name in iTop. Recommendations: For versions prior to 2.6.4, update to version 2.6.4 o...
PT-2020-5392 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.13 Description: The issue is related to the VFIO PCI driver in the Linux kernel, which mishandles attempts to access disabled memory space. This can be exploited to cause a denial of service. Recommendations:...
PT-2020-12514 · Oauth2 Proxy · Oauth2 Proxy
Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions prior to 5.1.1 Description: The issue is related to an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This redirec...
PT-2020-6587
Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http2 versions prior to 4.1.61.Final Description: The issue is related to a lack of proper validation of the content-length header in HTTP/2 requests. If a request only uses a single Http2HeaderFrame with the endStream se...
PT-2019-5140 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.12 Description: The issue is related to a race condition in the XENMEM exchange component of the Xen hypervisor, which arose due to improper synchronization when accessing shared resources. This allows an attacker to...
PT-2017-3944
Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2k OpenSSL versions 1.1.0 through 1.1.0d MySQL Server versions 5.6.35 and earlier MySQL Server versions 5.7.18 and earlier Description The issue is related to an out-of-bounds read in the OpenSSL library when...
PT-2022-24411 · Phpipam +1 · Phpipam +1
Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.0 Description: A vulnerability has been found in phpipam, allowing for cross site scripting through the manipulation of an unknown functionality in the file app/admin/import-export/import-load-data.php of the...
PT-2026-42782
Name of the Vulnerable Software and Affected Versions idna affected versions not specified Description The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For instance, ToUnicode"xn--example-.com" returns "example.com" instead of an...
PT-2015-6138 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.1.6 Description: The issue allows local users to gain privileges by triggering an NMI within a certain instruction window due to improper reliance on espfix64 during nested NMI processing in arch/x86/entry/ent...
PT-2017-1994 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.19 Description: The issue is related to the mishandling of counter grouping in the Linux kernel, specifically in the kernel/events/core.c file. This allows local users to gain privileges via a crafted...
PT-2009-11: SlySoft Multiple Products ElbyCDIO.sys Denial of Service
Vulnerability Description Positive Technologies Research Team has discovered multiple memory corruption vulnerabilities in SlySoft products. The IOCTL handler in ElbyCDIO.sys 6.0.2.0 and earlier, shipped with AnyDVD, Virtual CloneDrive, CloneDVD and CloneCD, uses the METHODNEITHER communication...
PT-2005-2726 · Oracle +1 · Javamail Api +1
Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. It is worth noting that Sun and Apache dispute this issue, with Sun...
PT-2004-2559 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program suc...