731 matches found

Vulnrichment
added 2022/11/15 12:0 a.m. · 7 views

CVE-2022-25724

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVSS 8.4 · AI score 8 · EPSS 0.00117
Exploits: 0 · References: 1
Code423n4
added 2022/11/08 12:0 a.m. · 6 views

Providing the same address for the "base" and the "quote" tokens creates a risk of fund loss for the seller.

Lines of code Vulnerability details Impact The "createAuction" function requires the seller to input the address of a base and a quote token. However, there is no statement that checks whether or not these two provided addresses are the same. As a result, the seller could accidentally fill in an...

AI score 6.7
Exploits: 0
Positive Technologies
added 2022/11/08 12:0 a.m. · 8 views

PT-2022-25735 · Sap · Sap Netweaver Abap Server +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Server and ABAP Platform affected versions not specified Description: The issue allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being...

CVSS 4.7 · AI score 4.5 · EPSS 0.00429
Exploits: 0 · References: 6
Prion
added 2022/10/18 3:15 a.m. · 20 views

Design/Logic Flaw

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is...

CVSS 5 · AI score 7.5 · EPSS 0.00586
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/10/10 12:0 a.m. · 36 views

CVE-2022-36063 USBX Host CDC ECM integer underflow with buffer overflow

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in th...

CVSS 7.6 · AI score 10 · EPSS 0.01516
Exploits: 1 · References: 3
Code423n4
added 2022/09/25 12:0 a.m. · 7 views

Not checking 0 address in moveWithheldETH() can lead into loss of funds

Lines of code Vulnerability details Not checking 0 address in moveWithheldETH can lead into loss of funds Impact If by error to address is 0, value would be moved to 0 address, and therefore lost Proof of Concept Recommended Mitigation Steps Check 0 address on moveWithHeldEth --- The text was...

AI score 6.8
Exploits: 0
OSV
added 2022/09/16 9:15 a.m. · 3 views

CVE-2022-2877

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers...

CVSS 5.3 · AI score 5.8 · EPSS 0.00615
Exploits: 2 · References: 1
Prion
added 2022/09/16 9:15 a.m. · 16 views

Design/Logic Flaw

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers...

CVSS 5 · AI score 5.3 · EPSS 0.00615
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2022/07/28 10:25 a.m. · 61 views

CVE-2022-37010

CVE-2022-37010 affects JetBrains IntelliJ IDEA prior to 2022.2, due to missing email address validation in the "Git User Name Is Not Defined" dialog. Root cause: absence of validation in that dialog as described in multiple sources (NVD/Red Hat/CVE records, PT-2022-23755). Reported impact is low ...

CVSS 3.6 · AI score 4.2 · EPSS 0.0017
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2022/07/28 1:15 a.m. · 1 views

DEBIAN-CVE-2022-2165

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...

CVSS 4.3 · AI score 5.6 · EPSS 0.00699
Exploits: 0 · References: 1
Code423n4
added 2022/07/15 12:0 a.m. · 13 views

Not safe transferFrom

Lines of code Vulnerability details Impact The Safe library says: @dev Caution! This library won't check that a token has code, responsibility is delegated to the caller. But this check is not made in Swivel contract, so the Safe library is prone to phantom methods attacks. Supposedly it is a...

AI score 6.7
Exploits: 0
ATTACKERKB
added 2022/07/14 3:15 p.m. · 1 views

CVE-2022-32212

An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks...

CVSS 8.1 · AI score 8.8 · EPSS 0.05614
Exploits: 0 · References: 12 · Affected Software: 1
OSV
added 2022/07/14 3:15 p.m. · 3 views

ALPINE-CVE-2022-32212

An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks...

CVSS 8.1 · AI score 7.2 · EPSS 0.05614
Exploits: 0 · References: 1
OSV
added 2022/07/14 3:15 p.m. · 3 views

UBUNTU-CVE-2022-32212

An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks...

CVSS 8.1 · AI score 6.8 · EPSS 0.05614
Exploits: 0 · References: 6
OSV
added 2022/07/12 10:15 a.m. · 2 views

CVE-2022-26649

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

CVSS 9.6 · AI score 7.2 · EPSS 0.01185
Exploits: 0 · References: 1
CNNVD
added 2022/06/29 12:0 a.m. · 4 views

ApiFest OAuth 2.0 Server input validation error vulnerability

ApiFest OAuth 2.0 Server is ApiFest's open-source Java implementation of the OAuth 2.0 protocol. A security vulnerability exists in ApiFest OAuth 2.0 Server version 0.3.1, which stems from not validating the redirect URI according to RFC 6749, which can be exploited by an...

CVSS 6.1 · AI score 6.4 · EPSS 0.00771
Exploits: 0 · References: 4
BDU FSTEC
added 2022/06/22 12:0 a.m. · 5 views

The vulnerability of the Yandex Browser for the iOS operating system, related to errors when checking URLs with the scheme `facetime://`, allows a perpetrator to initiate video calls without notifying the user.

The vulnerability of the Yandex Browser for the iOS operating system is related to errors during the validation of URLs with the scheme `facetime://`. Exploiting this vulnerability allows a malicious actor to initiate video calls without notifying the user...

CVSS 7.8 · AI score 6.6 · EPSS 0.01516
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2022/05/16 12:0 a.m. · 4 views

WatsonWebserver code issue vulnerability

WatsonWebserver is a simple, scalable, fast, asynchronous Web server from Joel Christner, an individual developer in the United States. It is used to process RESTful HTTP / HTTPS requests written in C. A code issue vulnerability exists in WatsonWebserver version 4.1.3 and earlier, and IpMatcher...

CVSS 9.8 · AI score 8.4 · EPSS 0.01921
Exploits: 3 · References: 6
Github Security Blog
added 2022/05/13 1:7 a.m. · 33 views

OpenStack Neutron Denial of Service Vulnerability

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...

CVSS 6.5 · AI score 6.6 · EPSS 0.02527
Exploits: 0 · References: 11 · Affected Software: 1
NVD
added 2022/05/12 6:16 p.m. · 18 views

CVE-2021-26351

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service...

CVSS 5.5 · EPSS 0.00203
Exploits: 0 · References: 1