
730 matches found

SUSE CVE
added 2023/02/15 4:2 a.m. · 2 views

SUSE CVE-2020-6460

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name...

CVSS 6.5 · AI score 7 · EPSS 0.00887
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 3:44 a.m. · 1 views

SUSE CVE-2021-25737

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

CVSS 2.7 · AI score 7.9 · EPSS 0.01289
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:44 a.m. · 2 views

SUSE CVE-2021-26337

Insufficient DRAM address validation in System Management Unit SMU may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests...

CVSS 5.5 · AI score 5.5 · EPSS 0.00233
Exploits 0 · References 3
Positive Technologies
added 2023/02/14 12:0 a.m. · 2 views

PT-2023-19256 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 720 Description: The issue allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or...

CVSS 6.5 · AI score 5.5 · EPSS 0.00302
Exploits 0 · References 5
Code423n4
added 2023/02/01 12:0 a.m. · 15 views

Mint to without check for zero address

Lines of code Vulnerability details Impact Mint to without check for zero address. This can lead to loss of token Proof of Concept Tools Used Recommended Mitigation Steps add check to be sure that address to is not empty...

AI score 6.9
Exploits 0
OpenVAS
added 2023/01/26 12:0 a.m. · 23 views

Debian: Security Advisory (DSA-5326-1)

The remote host is missing an update for the Debian...

CVSS 9.1 · AI score 7.9 · EPSS 0.77278
Exploits 5 · References 4
Debian
added 2023/01/24 8:1 p.m. · 58 views

[SECURITY] [DSA 5326-1] nodejs security update

Debian Security Advisory DSA-5326-1 · https://www.debian.org/security/ · Aron Xu · January 24, 2023 · https://www.debian.org/security/faq ...

CVSS 9.1 · AI score 9 · EPSS 0.77278
Exploits 5
Code423n4
added 2023/01/20 12:0 a.m. · 5 views

ERC20Permit should include chainId and address to avoid replay attacks

Lines of code Vulnerability details Impact This ensures a signature is only used for our given token contract address on the correct chain id. The chain id was introduced to exactly identify a network after the Ethereum Classic fork which continued to use a network id of 1. Include the chainId to...

AI score 6.9
Exploits 0
OSV
added 2023/01/11 8:15 a.m. · 1 views

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment...

CVSS 5.3 · AI score 5.8 · EPSS 0.00475
Exploits 0 · References 1
Prion
added 2023/01/11 8:15 a.m. · 19 views

Input validation

Insufficient validation of address mapping to IO in ASP AMD Secure Processor may result in a loss of memory integrity in the SNP guest...

CVSS 3.2 · AI score 5.5 · EPSS 0.00113
Exploits 0 · References 1 · Affected Software 24
Vulnrichment
added 2023/01/10 8:56 p.m. · 7 views

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment...

AI score 5.4 · EPSS 0.00475
Exploits 0 · References 1
CVE
added 2023/01/10 8:56 p.m. · 76 views

CVE-2022-23814

CVE-2022-23814 describes a failure to validate addresses provided by software to BIOS commands, which may cause loss of integrity of guest memory in confidential compute environments. The vulnerability is tied to AMD platform components (SBIOS/ASP/SMU/BIOS mailbox handling) and is documented und...

CVSS 5.3 · AI score 6.1 · EPSS 0.00475
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/01/10 12:0 a.m. · 4 views

PT-2023-1408 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to insufficient validation of address mapping to IO in the AMD Secure Processor, which may result in a loss of memory integrity in the SNP guest. This coul...

CVSS 5 · AI score 4.4 · EPSS 0.00113
Exploits 0 · References 5
Code423n4
added 2022/12/21 12:0 a.m. · 7 views

Signature malleability in underwritePriceForCollateral

Lines of code Vulnerability details Impact underwritePriceForCollateral has signature malleability as it doesn't check for a returned address of not 0. Value can be set to 0 oracleSigner Proof of Concept function underwritePriceForCollateralERC721 asset, PriceKind priceKind, OracleInfo memory...

AI score 6.8
Exploits 0
Microsoft CVE
added 2022/12/17 8:0 a.m. · 1 views

Open Redirect in oidc_validate_redirect_url()

...

CVSS 6.1 · AI score 6.2 · EPSS 0.00905
Exploits 0
OSV
added 2022/12/05 10:15 p.m. · 1 views

UBUNTU-CVE-2022-43548

An OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. Th...

CVSS 8.1 · AI score 6.8 · EPSS 0.14024
Exploits 0 · References 4
Code423n4
added 2022/11/28 12:0 a.m. · 6 views

CallEVM does not validate the existence of the address being called

Lines of code Vulnerability details Impact Evm.go's CallEVM function performs an EVM call to a given address with an input amount. However, the existence of the address is not validated. If the call is made with an amount to a contract, where it might be deleted or non-existent, the funds will be...

AI score 6.8
Exploits 0
Positive Technologies
added 2022/11/15 12:0 a.m. · 3 views

PT-2022-17481 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to memory corruption in graphics due to a buffer overflow that occurs while validating the user address. This problem affects various Qualcomm Snapdragon...

CVSS 8.4 · AI score 7.9 · EPSS 0.00117
Exploits 0 · References 4
Vulnrichment
added 2022/11/15 12:0 a.m. · 7 views

CVE-2022-25724

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVSS 8.4 · AI score 8 · EPSS 0.00117
Exploits 0 · References 1
Cvelist
added 2022/11/15 12:0 a.m. · 21 views

CVE-2022-25724

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVSS 8.4 · AI score 9 · EPSS 0.00117
Exploits 0 · References 1