PT-2025-5270 · Microsoft · Intune +1

Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.7.0 through 0.7.14 Himmelblau versions 0.8.0 through 0.8.2 Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debug logging is enabled, user access tokens are inadvertently...

Unsafe cast in swap and uniswapV3SwapCallback functions can lead to attack

Lines of code Vulnerability details Impact The swap and uniswapV3SwapCallback functions performs an unsafe cast of a uint256 type to a signed integer. amountReceived = uint256-projectTokenIsZero ? amount0 : amount1; Note that amount is chosen by the caller and when choosing amount = 2256 - 1, thi...

PT-2022-7087 · Unknown · Qubes-Mirage-Firewall

Name of the Vulnerable Software and Affected Versions: qubes-mirage-firewall versions 0.8.x through 0.8.3 Description: The issue is related to a denial of service caused by a crafted multicast UDP packet. This can lead to CPU consumption and loss of forwarding. The vulnerability can be exploited ...

GitLab 0.8.x < 14.2.6, 14.3.x < 14.3.4, 14.4.x < 14.4.1 Code Injection Vulnerability.

GitLab is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

Unsafe uint64 casting may overflow

Handle sirhashalot Vulnerability details Impact The calculateRewardAmount function casts epoch timestamps from uint256 to uint64 and these may overflow. The epochStartTimestamp value is a function of the user-supplied epochId value, which could be extremely large up to 2255 – 1. While Solidity...

implicit underflows

Handle gpersoon Vulnerability details Impact There are a few underflows that are converted via a typecast afterwards to the expected value. If solidity 0.8.x would be used, then the code would revert. int256a-b where a and b are uint, For example if a=1 and b=2 then the intermediate result would ...

Design/Logic Flaw

The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service divide-by-zero error and daemon crash via a crafted sequence of messages...

CVE-2013-0288

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service application crash and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer...

Code injection

Multiple unspecified vulnerabilities in the 1 decodebandhdr function in indeo4.c and 2 ffividecodeblocks function in ivicommon.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."...

Design/Logic Flaw

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."...

CVE-2012-2786

Unspecified vulnerability in the decodewdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."...

CVE-2011-3936

CVE-2011-3936 affects FFmpeg/libavcodec DV handling. The vulnerability exists in dv_extract_audio() for FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11 and Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, 0.8.x before 0.8.1. It allows remote attackers to trigger an out-of-bounds ...

CVE-2012-3587

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle MITM attack...

Design/Logic Flaw

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle MITM attack...

CVE-2012-3587

CVE-2012-3587 affects Apt 0.7.x before 0.7.25 and 0.8.x before 0.8.16. The flaw occurs when using apt-key net-update to import keyrings: it relies on GnuPG argument order and does not check GPG subkeys, which could allow remote attackers to install Trojan horse packages via a man-in-the-middle at...

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...

Design/Logic Flaw

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...

CVE-2011-2531

Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service data truncation by sending a large amount of data...

CVE-2011-2531

Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service data truncation by sending a large amount of data...