CVE-2023-4504

CVE-2023-4504: OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow

AHA! has discovered an issue with CUPS and libppd from OpenPrinting, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on Thursday, September 21, 2023. CVE-2023-4504 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure to validate the length provided by an attacker-crafted CUPS PPD file, CUPS v2.5b1 and prior is, by default, susceptible to a heap-based buffer overflow and possibly code execution. CVE-2023-4504 appears to be an instance of CWE-122, a heap-based buffer overflow.


CVE-2023-5841

CVE-2023-5841: Academy Software Foundation OpenEXR Heap Overflow in Scanline Deep Data Parsing

AHA! has discovered an issue with OpenEXR from The Academy Software Foundation, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on Wednesday, Jan 31, 2023. CVE-2023-5841 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure to validate the number of scanline samples in an OpenEXR file containing deep scanline data, the Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. CVE-2023-5841 appears to be an instance of CWE-122.


CVE-2024-4224

CVE-2024-4224: TP-Link TL-SG1016DE XSS

AHA! has discovered an issue with the TL-SG1016DE from TP-Link, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on July 15, 2024. CVE-2024-4224 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

An authenticated stored cross-site scripting (XSS) vulnerability exists in the TP-Link TL-SG1016DE, affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator’s browser. CVE-2024-4224 is an instance of CWE-79.


CVE-2025-2894

CVE-2025-2894: Unitree Go1 Backdoor Control Channel

AHA! has discovered an issue with the Go1 from Unitree, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy on March 27, 2025. CVE-2025-2894 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

The Unitree Go1, also known as “The World’s First Intelligence Bionic Quadruped Robot Companion of Consumer Level,” contains an undocumented backdoor that can give the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service by Oray.


CVE-2025-32455

CVE-2025-32455: ON Semiconductor Quantenna router_command.sh run_cmd Argument Injection

AHA! has discovered an issue with Quantenna Wi-Fi chips from ON Semiconductor, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy on June 8, 2025. CVE-2025-32455 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Quantenna Wi-Fi chips ship with a local control script that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7.
