5836 matches found
OTFCC Buffer Overflow Vulnerability (CNVD-2025-02613)
OTFCC is an open source C library and set of utility programs from Caryll, used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a lack of proper validation of user-supplied data in the /release-x64/otfccdump+0x6e41b0 file, and can be...
OTFCC Buffer Overflow Vulnerability (CNVD-2024-08537)
OTFCC is an open source C library and set of utility programs from Caryll, used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a lack of proper validation of user-supplied data in the /release-x64/otfccdump+0x617087 file, and can be...
OTFCC Buffer Overflow Vulnerability (CNVD-2024-08538)
OTFCC is an open source C library and set of utility programs from Caryll, used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a lack of proper validation of user-supplied data in the /release-x64/otfccdump+0x6171b2 file, and can be...
OTFCC Buffer Overflow Vulnerability (CNVD-2024-08543)
OTFCC is an open source C library and set of utility programs from Caryll, used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a lack of proper validation of user-supplied data in the /release-x64/otfccdump+0x6b0466 file, and can be...
Oracle price could not be fresh
Lines of code Vulnerability details Vulnerability In FraxlendPairCore.updateExchangeRate, we are using latestRoundData, but there are no validations that the data is not stale. The current code is: , int256 answer, , , = AggregatorV3InterfaceoracleMultiply.latestRoundData; if answer = round, "Sta...
Chainlink's latestRoundData() might return stale or incorrect data
Lines of code Vulnerability details Impact The only value being checked from the return of latestRoundData is answer. Chainlink will return more fields that can be checked to ensure the data is not stale/incorrect. Proof of Concept Lack of checks inside the function updateExchangeRate might cause...
Affiliates Manager < 2.9.14 - Affiliate CSV Injection
The plugin does not validate and sanitise the affiliate data, which could allow users registering as an affiliate to perform CSV injection attacks against an admin exporting the data. PoC: Register as an affiliate and put the following payload in the Firstname, Lastname or Company fields: =10+2+30 As...
The vulnerability of the Office Online Server web server, related to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of the Office Online Server web server is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...
GLSA-202208-25 : Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-25 Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details...
USN-5566-1: Linux kernel vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...
The vulnerability of Google Chrome and Microsoft Edge browsers, related to insufficient validation of input data, allows attackers to disclose protected information.
The vulnerability of Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Emerson ControlWave Data Forgery Vulnerability
Emerson ControlWave is a highly programmable controller from Emerson Electric U.S. that combines the unique capabilities of a Programmable Logic Controller (PLC) and a Remote Terminal Unit (RTU) into a hybrid controller. A data forgery vulnerability exists in all versions of Emerson ControlWave, whic...
Add members to the not yet created community
Lines of code Vulnerability details Impact There is an addMember function in the Community. The function accepts data that should be signed by the community.owner and newMemberAddr. // Compute hash from bytes bytes32 hash = keccak256(data); // Decode params from data uint256 communityID, address...
IBM DataPower Gateway Cross-Site Scripting Vulnerability (CNVD-2022-56972)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...
Shopware Cross-Site Scripting Vulnerability (CNVD-2022-56128)
Shopware is a set of open source e-commerce software from the German company Shopware. Shopware suffers from a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data and output in the client module. An attacker could exploit the vulnerability...
CVE-2022-28668
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-28684
CVE-2022-28684 describes a remote code execution via deserialization in DevExpress SafeBinaryFormatter. Exploitation requires authentication; impact is high (C Confidentiality/Integrity/Availability). Affected: IBM Robotic Process Automation < 21.0.4 and IBM Robotic Process Automation for Clou...
Ubuntu: Security Advisory (USN-5544-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5545-1)
The remote host is missing an update for the...