731 matches found
CVE-2022-25724
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
Providing the same address for the "base" and the "quote" tokens creates a risk of fund loss for the seller.
Lines of code Vulnerability details Impact The "createAuction" function requires the seller to input the address of a base and a quote token. However, there is no statement that checks whether or not these two provided addresses are the same. As a result, the seller could accidentally fill in an...
PT-2022-25735 · Sap · Sap Netweaver Abap Server +1
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Server and ABAP Platform affected versions not specified Description: The issue allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being...
Design/Logic Flaw
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service DoS. A PFE crash will happen when a GPRS Tunnel Protocol GTP packet is...
CVE-2022-36063 USBX Host CDC ECM integer underflow with buffer overflow
Azure RTOS USBx is a USB host, device, and on-the-go OTG embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in th...
Not checking 0 address in moveWithheldETH() can lead into loss of funds
Lines of code Vulnerability details Not checking 0 address in moveWithheldETH can lead into loss of funds Impact If by error to address is 0, value would be moved to 0 address, and therefore lost Proof of Concept Recommended Mitigation Steps Check 0 address on moveWithHeldEth --- The text was...
CVE-2022-2877
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...
Design/Logic Flaw
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...
CVE-2022-37010
CVE-2022-37010 affects JetBrains IntelliJ IDEA prior to 2022.2, due to missing email address validation in the "Git User Name Is Not Defined" dialog. Root cause: absence of validation in that dialog as described in multiple sources (NVD/Red Hat/CVE records, PT-2022-23755). Reported impact is low ...
DEBIAN-CVE-2022-2165
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
Not safe transferFrom
Lines of code Vulnerability details Impact The Safe library says: @dev Caution! This library won't check that a token has code, responsibility is delegated to the caller. But this check is not made in Swivel contract, so the Safe library it's prone to phantom methods attacks. Supposedly it is a...
CVE-2022-32212
A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...
ALPINE-CVE-2022-32212
A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...
UBUNTU-CVE-2022-32212
A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...
CVE-2022-26649
A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...
ApiFest OAuth 2.0 Server 输入验证错误漏洞
ApiFest OAuth 2.0 Server is ApiFest open source an OAuth 2.0 protocol ApiFest OAuth 2.0 Server Java implementation . A security vulnerability exists in ApiFest OAuth 2.0 Server version 0.3.1, which stems from not validating the redirect URI according to RFC 6749, which can be exploited by an...
The vulnerability of the Yandex Browser for the iOS operating system, related to errors when checking URLs with the scheme `facetime://`, allows a perpetrator to initiate video calls without notifying the user.
The vulnerability of the Yandex Browser browser for the iOS operating system is related to errors during the validation of URLs with the scheme facetime://. Exploiting this vulnerability allows a malicious actor to initiate video calls without notifying the user...
WatsonWebserver 代码问题漏洞
WatsonWebserver is a simple, scalable, fast, asynchronous Web server from Joel Christner, an individual developer in the United States. It is used to process RESTful HTTP / HTTPS requests written in C. A code issue vulnerability exists in WatsonWebserver version 4.1.3 and earlier, and IpMatcher...
OpensStack Neutron Denial of Service Vulnerability
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
CVE-2021-26351
Insufficient DRAM address validation in System Management Unit SMU may result in a DMA Direct Memory Access read/write from/to invalid DRAM address that could result in denial of service...