Lucene search

5836 matches found

SUSE CVE
added 2023/02/15 3:31 a.m. | 4 views

SUSE CVE-2022-3656

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 8.5 AI score | 0.01659 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 3:30 a.m. | 2 views

SUSE CVE-2022-3661

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. Chromium security severity: Low...

4.3 CVSS | 6.1 AI score | 0.00421 EPSS
Exploits: 0 | References: 5

BDU FSTEC
added 2023/02/15 12:0 a.m. | 8 views

The vulnerability of the Video Driver in Linux kernel allows a local attacker to trigger a system failure.

The vulnerability of the Video Driver in Linux operating systems is related to insufficient checking of user data. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS | 5.9 AI score | 0.00189 EPSS
Exploits: 0 | References: 17 | Affected Software: 3

BDU FSTEC
added 2023/02/15 12:0 a.m. | 4 views

The vulnerability of the System Management Unit (SMU) component of AMD processors allows attackers to disclose protected information.

The vulnerability of the System Management Unit SMU component of AMD processors exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

3.3 CVSS | 5.3 AI score | 0.00243 EPSS
Exploits: 0 | References: 3

CNNVD
added 2023/02/13 12:0 a.m. | 5 views

JTEKT ELECTRONICS Screen Creator Advance Buffer Error Vulnerability

JTEKT ELECTRONICS Screen Creator Advance is a screen development tool from JTEKT ELECTRONICS. A security vulnerability exists in JTEKT ELECTRONICS Screen Creator Advance 2 Ver.0.1.1.4 Build01 version and prior versions, which stems from the inability to validate data when processing control...

7.8 CVSS | 7.3 AI score | 0.00312 EPSS
Exploits: 0 | References: 4

Zero Day Initiative
added 2023/02/08 12:0 a.m. | 23 views

Autodesk Maya X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XB...

7.8 CVSS | 4.5 AI score | 0.00277 EPSS
Exploits: 0 | References: 1

OSV
added 2023/02/07 10:59 p.m. | 31 views

GHSA-P4G4-WGRH-QRG2 Panic due to malformed WALs in go.etcd.io/etcd

Vulnerability type: Data Validation. Detail: The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant tryi...

3.7 CVSS | 6.9 AI score | 0.01291 EPSS
Exploits: 0 | References: 9

Github Security Blog
added 2023/02/07 10:59 p.m. | 49 views

Panic due to malformed WALs in go.etcd.io/etcd

Vulnerability type: Data Validation. Detail: The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant tryi...

6.5 CVSS | 6.8 AI score | 0.01291 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

Huntr
added 2023/02/04 8:49 a.m. | 19 views

Remote Code Execution in "Import Settings" feature

Description Due to Improper data validation in "Import Settings" feature, an authenticated attacker can send crafted settings with malicious payload inside "system.croncmdline" value. Step to reproduce Requirement: PHP code must be executed on attacker machine - Step 1: Attacker run web server an...

6.5 CVSS | 8.5 AI score | 0.03928 EPSS
Exploits: 1

BDU FSTEC
added 2023/01/31 12:0 a.m. | 4 views

The vulnerability of Eclipse Jetty servlet containers arises from insufficient validation of input data, allowing attackers to cause failures in the proxy script.

The vulnerability of Eclipse Jetty servlet containers exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause failures in the proxy scenarios...

4 CVSS | 6.5 AI score | 0.00931 EPSS
Exploits: 0 | References: 6 | Affected Software: 3

BDU FSTEC
added 2023/01/30 12:0 a.m. | 7 views

The vulnerability of the i740 video driver in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the i740 video driver in the Linux operating system is related to the lack of checks on user data. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS | 6.4 AI score | 0.00271 EPSS
Exploits: 0 | References: 19 | Affected Software: 4

BDU FSTEC
added 2023/01/30 12:0 a.m. | 4 views

The vulnerability of the WebUI user interface of the Oracle Primavera Gateway integration platform allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the WebUI user interface of the Oracle Primavera Gateway data integration platform is related to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data usi...

6.4 CVSS | 6.6 AI score | 0.00377 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2023/01/26 12:0 a.m. | 3 views

Tenable.sc Code Issue Vulnerability

Tenable Network Security Tenable.Sc is a vulnerability analysis solution from Tenable Network Security, USA. The product supports real-time vulnerability assessment and management, among other things. A security vulnerability exists in versions of Tenable.sc prior to 6.0.0 that stems from imprope...

6.5 CVSS | 6.5 AI score | 0.00892 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2023/01/25 12:0 a.m. | 6 views

The vulnerability of the Windows Authentication component in Microsoft Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Windows Authentication component in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted data...

7.5 CVSS | 7.8 AI score | 0.01163 EPSS
Exploits: 0 | References: 2

OSV
added 2023/01/23 6:29 a.m. | 9 views

USN-5816-1 firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. CVE-2023-23597 Tom...

8.8 CVSS | 7.1 AI score | 0.00702 EPSS
Exploits: 0 | References: 10

CNNVD
added 2023/01/23 12:0 a.m. | 3 views

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer error vulnerability that originates from not performing validation checks on GTK drag and drop data. An attacker could exploit the vulnerability to obtain sensitiv...

8.8 CVSS | 8.6 AI score | 0.00521 EPSS
Exploits: 0 | References: 5

Code423n4
added 2023/01/19 12:0 a.m. | 22 views

Attacker can fake an ERC20 token as the paymentToken and call ClearingHouse.safeTransferFrom() to prematurely settle the auction, preventing the actual auction from completing

Lines of code Vulnerability details Impact ClearingHouses are deployed for each new loan and settle payments between Seaport auctions and Astaria Vaults if a liquidation occurs. However, due to the lack of proper data validation in the current implementation, anyone can fake a token and transfer ...

6.7 AI score
Exploits: 0

NVD
added 2023/01/18 10:15 p.m. | 19 views

CVE-2022-4235

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...

5.4 CVSS | 5.5 AI score | 0.00566 EPSS
Exploits: 1 | References: 1

Prion
added 2023/01/18 10:15 p.m. | 17 views

Design/Logic Flaw

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...

4.9 CVSS | 5.5 AI score | 0.00566 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2023/01/18 5:10 a.m. | 25 views

Open Redirect

apache-superset is vulnerable to Open Redirect. The vulnerability exists due to improper data validation in the library, allowing an attacker with update dataset permission to change a dataset link to an untrusted site and redirect to the malicious URLs by clicking on a specific dataset...

5.4 CVSS | 5.3 AI score | 0.00994 EPSS
Exploits: 0 | References: 5 | Affected Software: 3