InHand Networks InRouter302 安全漏洞

The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console authentication feature...

WordPress plugin Kadence WooCommerce Email Designer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

Incorrect input amount calculation for Trader Joe V1 pools

Lines of code Vulnerability details Impact Input amount is calculated incorrectly for Trader Joe V1 pools when swapping tokens across multiple pools and some of the pools in the chain are V1 ones. Calculated amounts will always be bigger than expected ones, which will always affect chained swaps...

Mozilla Firefox 代码问题漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a code issue vulnerability, there is no information about this vulnerability yet, please stay tuned to CNNVD or the vendor announcement...

Linux Kerne code issue vulnerability

The Linux Kernel is the kernel used by the Linux Foundation's open source operating system Linux, which is vulnerable. A local attacker could exploit this vulnerability to cause a system crash, which could affect system availability...

Information disclosure

In various functions of apinputprocessor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

SONY Content Transfer Code Issue Vulnerability

SONY Content Transfer is a file transfer software from Sony Japan. It is suitable for customers who manage music, video, photo, and podcast content using iTunes, etc. SONY Content Transfer suffers from a code issue vulnerability that stems from the installer containing a DLL search path issue tha...

CVE-2022-20420

In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

ERC1155's Amount Parameter Manipulation To Steal Buyers' Funds

Lines of code Vulnerability details Vulnerability Details We discovered that a rogue seller i.e., attacker can place an order for selling N amount where N 1 of a specific token id of an ERC-1155 NFT collection. However, when the sell order is fulfilled by a buyer, the attacker would spend only 1...

Signature malleability

Lines of code Vulnerability details Impact Signature malleability allows the user to reuse the same signature twice. Which may cause order to be executed twice. Proof of Concept function recover bytes32 digest, uint8 v, bytes32 r, bytes32 s internal pure returns address requirev == 27 || v == 28,...

Huawei HarmonyOS 代码问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a code issue vulnerability that stems from a possible heap overflow/out-of-bounds read/null pointer issue in cell phone product...

Huawei HarmonyOS 代码问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a code issue vulnerability that stems from a possible heap overflow/out-of-bounds read/null pointer issue in cell phone product...

Huawei HarmonyOS 代码问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a code issue vulnerability that stems from a possible heap overflow/out-of-bounds read/null pointer issue in cell phone product...

Infinity loop can lead to denial of service

Lines of code Vulnerability details Impact Infinity loop can lead to denial of service Proof of Concept Tools Used None. Recommended Mitigation Steps Refactor code if is possible. --- The text was updated successfully, but these errors were encountered: All reactions...

mojoPortal 代码问题漏洞

mojoPortal is the United States Joe Audette individual developer of a set of open source , object-oriented Web site architecture WSF and content management system CMS. The system offers event calendars, photo albums, file managers, and more. A code issue vulnerability exists in mojoPortal version...

Wrong balanceOf user after minting legendary gobbler

Lines of code Vulnerability details Impact In ArtGobblers.mintLegendaryGobbler function, line 458 calculates the number of gobblers user owned after minting // We subtract the amount of gobblers burned, and then add 1 to factor in the new legendary. getUserDatamsg.sender.gobblersOwned =...

Nepxion 代码问题漏洞

Nepxion is a China Nepxion open source based on Spring & Spring Boot & Spring Cloud framework. Nepxion Discovery There is a code issue vulnerability , the vulnerability stems from the vulnerability to potential server-side request forgery SSRF attacks , the attacker can use the vulnerability can...

CVE-2022-35087

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c...

Users can lose funds because It's possible to call withdraw() in Vault without call to endEpoch() by Controller.triggerEndEpoch(),

Lines of code Vulnerability details Impact users shouldn't be allowed to withdraw their funds before epoch settling down, and code should check that endEpoch has been called before allowing withdraw for that epoch. but right now withdraw only checks that epoch has been ended and this would happen...

this is a test

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...