| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover. |
| Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. |
| A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin. |
| A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin. |
| The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. |
| The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. |
| The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. |
| The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. |
| The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. |
| The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure. User intervention is required to restart the device. |
| An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." |
| LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. |
| LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. |
| An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file. |
| The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference. |
| An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution. |
| A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file. |
| Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. |
