730 matches found
DEBIAN-CVE-2023-36053
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...
PT-2023-7991 · Zabbix +2 · Zabbix +2
Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: The issue is related to the URL validation scheme in Zabbix, which receives input from a user and parses it to identify its various components. The validation scheme can ensure that all URL...
CVE-2021-26397
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability...
Design/Logic Flaw
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability...
CVE-2021-46764
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service...
CVE-2021-26397
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability...
CVE-2021-26397
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability...
CVE-2021-26397
CVE-2021-26397: Affected AMD components are the AMD Secure Processor (ASP) and the AMD System Management Unit (SMU). The issue is insufficient address validation that can allow a compromised ABL and UApp to corrupt sensitive memory locations, potentially impacting integrity and availability. AMD’...
PT-2023-12097 · Amd · 3Rd Gen Amd Epyc™ +19
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient address validation. This may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory location...
D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution Exploit
Exploit Title: D-Link DNR-322L Exploit Writeup: https://lukasec.ch/posts/dlinkdnr322.html Vendor Homepage: https://dlink.com Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10305 Software Link: http://legacyfiles.us.dlink.com/DNR-322L/REVA/FIRMWARE...
Unsafe system contract verification
Lines of code Vulnerability details Impact On the following function: function isSystemContractaddress address internal pure returns bool return uint160address = uint160MAXSYSTEMCONTRACTADDRESS; it does check whether an address is a system contract by checking whether it is smaller than...
Design/Logic Flaw
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, if dsisinlist is used with an invalid IP address string NULL is illegal input, OpenSIPS will attempt to print a string from a random address stack garbage, which could lead to a crash. All user...
BYTES2.getReward: no check for input
Lines of code Vulnerability details Impact the function getReward should validate that to is not an empty address 0x0 to prevent accidental loss of BYTES. Impact: mint reward BYTES to address0 will be lost Proof of Concept function getReward address to external uint256 reward, uint256 daoCommisio...
Address(0) check on array of addresses is not performed
Lines of code Vulnerability details Impact Likelihood-Impact = Severity Low-High = Medium Proof of Concept function initialize address vault, address memory strategists, address memory multisigRoles,// @audit array both length check IAToken gWant calls to another ReaperBaseStrategyinit in contrac...
Upgraded Q -> 2 from #18 [1677668571999]
Judge has assessed an item in Issue 18 as 2 risk. The relevant finding follows: L-01 changePayees can result in broken share count Description for uint256 i; i newPayees.length; i++ if newPayeesi == address0 revert Errors.CANNOTSETTOADDRESSZERO; if newSharesi == 0 revert Errors.SHARECANNOTBEZERO;...
The vulnerability of the implementation of the AMD Secure Processor (ASP) microprogramming software for AMD processors allows a perpetrator to influence the integrity of the protected information.
The vulnerability of the AMD Secure Processor ASP microprogramming software for AMD processors lies in insufficient data validation during the translation of input/output addresses. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the protected information...
SUSE CVE-2014-3172
The Debugger extension API in browser/extensions/api/debugger/debuggerapi.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as...
SUSE CVE-2017-9353
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address...
SUSE CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
SUSE CVE-2019-5839
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL...