261 matches found
IndexPool._pow wrong loop and does not normalize values
Handle: cmichel. Vulnerability details: The IndexPool.compute function is indented as if the if n % 2 != 0 output = output a; is inside the loop, but there are actually no braces around it. It must be in the loop for the exponentiation by repeated squaring algorithm to work: function powuint256 a,...
Trend Micro Security Backlink Vulnerability
Trend Micro Security is a suite of computer security software from Trend Micro, Inc. A back-linking vulnerability exists in Trend Micro Security Consumer, which stems from the product's failure to properly check for symbolic links to think-only directories. An attacker could exploit the...
NPM arborist Backlink Vulnerability
NPM arborist is a software package from the American company npm NPM. It is used to visualize hierarchical data stored as flat lists. A backlink vulnerability exists in arborist that allows an attacker to perform arbitrary file creation, arbitrary file overwriting, and arbitrary code execution...
NPM arborist Backlink Vulnerability
NPM arborist is a software package from the American company npm NPM. It is used to visualize hierarchical data stored as flat lists. NPM arborist suffers from a backlink vulnerability that originates from an improperly designed or implemented code development process for a networked system or...
node-tar Backlink Vulnerability
node-tar is a software package for file compression/decompression. A backlink vulnerability exists in Node-tar, which stems from the product not validating special characters. An attacker can use this vulnerability to create malicious files in other paths...
Microsoft Windows Event Tracing Backlink Vulnerability
Microsoft Windows Event Tracing is an application from Microsoft Corporation USA. It provides a mechanism for tracking and logging events raised by user-mode applications and kernel-mode drivers. A backlink vulnerability exists in Microsoft Windows Event Tracing. The following products and editio...
Microsoft Windows Backlink Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A backlink vulnerability exists in Microsoft Windows. The following products and editions are affected: Windows 10 Version 21H1 for x64-based Systems, Windows 10 Version 21H1 for ARM64-base...
node-tar Backlink Vulnerability
node-tar is a software package for file compression/decompression. A backlink vulnerability exists in node-tar, which is an arbitrary file creation/overwrite vulnerability that stems from insufficient symbolic link protection...
Sorcery Backlink Vulnerability
Sorcery is an authentication software package. A backlink vulnerability exists in play-sorcery-kms in Sorcery version 0.6.0. A local attacker can exploit this vulnerability to gain root privileges by attacking /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock via symbolic links...
Ubuntu Apport Backlink Vulnerability (CNVD-2021-57437)
Apport is a toolkit that collects and reports error information the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from incorrect handling of certain information gathering operations, which can be...
Ubuntu Apport Backlink Vulnerability (CNVD-2021-57436)
Apport is a toolkit that collects and reports error information the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can...
Backdrop CMS Backlink Vulnerability
Backdrop CMS is an open source content management system (CMS). A backlink vulnerability exists in Backdrop CMS. The vulnerability stems from the use of the third-party PEAR ArchiveTar library and could allow a remote attacker to execute arbitrary code on the system...
IBM DB2 Backlink Vulnerability
IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 for Linux, UNIX, and Windows including DB2 Connect Server has a backlink vulnerability that can be exploit...
IBM DB2 Backlink Vulnerability
IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 for Linux, UNIX, and Windows including DB2 Connect Server has a backlink vulnerability that can be exploit...
openSUSE Backlink Vulnerability
openSUSE is a suite of Linux-based free operating systems and open source community projects from SUSE Germany. openSUSE is a Linux-based free operating system and open source community project. A backlink vulnerability exists in openSUSE that allows a local attacker to escalate from user postori...
Intel DSA Backlink Vulnerability
Intel DSA is a driver update tool. It can detect user drivers, update installed drivers to the latest version, and supports the Intel series of graphics card, audio, network card and chipset drivers; a must-have for Intel card users. A backlink vulnerability exists in versions of Intel DSA prior to 20.11.50.9 tha...
Canonical Ubuntu Backlink Vulnerability
Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. Ubuntu Pleaser suffers from a security vulnerability that can be exploited by an attacker with multiple Pleaser vulnerabilities...
Microsoft Windows WalletService Backlink Vulnerability
Microsoft Windows WalletService is an application from Microsoft Corporation USA that hosts objects used by the Wallet Client. A backlink vulnerability exists in Windows WalletService. The following products and versions are affected: Windows 10 Version 1803 for 32-bit Systems, Windows 10 Versio...
Check Point Identity Agent Backlink Vulnerability
Check Point Identity Agent is an application from Check Point USA. It is used to obtain and report identities to the Check Point Identity Awareness Security Gateway. A back-link vulnerability exists in versions prior to Check Point Identity Agent R81.018.0000, which allows a less privileged user ...
GNU Guix Backlink Vulnerability
GNU Guix is an open source, cross-platform package manager for the GNU community. A backlink vulnerability exists in GNU guix-daemon that allows an unprivileged user to spawn a build process...