Lucene search
K

165 matches found

CNNVD
CNNVD
added 2022/01/13 12:0 a.m.5 views

Stanford CoreNlp 代码问题漏洞

Stanford CoreNlp is a suite of open source, natural language analysis tools written in Java by the Stanford Nlp Group team in the United States. Stanford corenlp has a code issue vulnerability that arises from improper design or implementation during code development of a networked system or...

7.1CVSS7AI score0.00739EPSS
Exploits1References2
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.15 views

TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value

Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.4 views

GPAC 代码问题漏洞

GPAC is an open source multimedia framework. GPAC 1.0.1 contains a security vulnerability that stems from improper design or implementation during the development of code for a networked system or product, which could be exploited by an attacker to conduct a denial-of-service attack...

5.5CVSS5.7AI score0.00625EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.4 views

GPAC 代码问题漏洞

GPAC is an open source multimedia framework. GPAC 1.0.1 contains a security vulnerability that stems from improper design or implementation during the development of code for a networked system or product, which could be exploited by an attacker to conduct a denial-of-service attack...

5.5CVSS5.7AI score0.00625EPSS
Exploits1References4
CNVD
CNVD
added 2021/11/24 12:0 a.m.19 views

JetBrains Ktor Licensing Issue Vulnerability

JetBrains Ktor is a web application framework from JetBrains Czech Republic. An authorization issue vulnerability exists in JetBrains Ktor prior to 1.6.4, which stems from improper implementation of nonce authentication in the OAuth2 authentication process. No detailed vulnerability details are...

7.5CVSS2AI score0.00836EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/17 12:0 a.m.37 views

Google Chrome referrer security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome due to an improper implementation of certain features in the product. A remote attacker could exploit the vulnerability to bypass security restrictions...

6.5CVSS3.2AI score0.00788EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/03 12:0 a.m.14 views

jsonpointer 安全漏洞

jsonpointer is an open source package for simple JSON addressing. jsonpointer suffers from a security vulnerability that stems from improper design or implementation during the development of code for a web-based system or product. No details of the vulnerability are currently available...

9.8CVSS8.4AI score0.02539EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/11/03 12:0 a.m.24 views

json-pointer 安全漏洞

Json-Pointer is an open source, Rfc 6901 described by Manuel Stofer, a Swiss individual developer of some utilities for Json pointers. json-pointer has a security vulnerability that stems from improper design or implementation during the code development of a web-based system or product. No...

9.8CVSS5.6AI score0.01813EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.5 views

Naver Whale Browser 安全漏洞

Naver Whale Browser is a web browser that supports user-defined interfaces from Naver, a South Korean company. A security vulnerability exists in Naver Whale Browser that arises from improper design or implementation during code development of a web system or product...

5.3CVSS5.8AI score0.00685EPSS
Exploits0References2
CNVD
CNVD
added 2021/10/21 12:0 a.m.35 views

Google Chrome WebApp Installer improperly implemented vulnerability

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper implementation of WebApp Installer. An attacker could potentially override and spoof the content of the multi-function box URL bar via a crafted HTML page...

6.5CVSS3.5AI score0.00784EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/21 12:0 a.m.4 views

Alfresco 代码问题漏洞

Alfresco is an open source enterprise content management system. The platform pages are developed using Freemarker, and the main features include document management, collaboration, records management, knowledge base management, Web content management, etc. Alfresco has a security vulnerability...

5.3CVSS5.7AI score0.00829EPSS
Exploits0References3
CNVD
CNVD
added 2021/10/21 12:0 a.m.27 views

Google Chrome Blink improperly implemented vulnerability (CNVD-2021-84806)

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper Blink implementation. An attacker could exploit this vulnerability to abuse content security policies via crafted HTML pages...

6.5CVSS4.3AI score0.00797EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/20 12:0 a.m.5 views

Modern-Async 资源管理错误漏洞

Modern-Async is a modern JavaScript tool library for asynchronous operations using Async/Await and Promise. A resource management error vulnerability exists in modern-async that arises from improper design or implementation during code development for a networked system or product...

7.5CVSS7.4AI score0.01624EPSS
Exploits1References4
CNVD
CNVD
added 2021/10/09 12:0 a.m.36 views

Google Chrome Sandbox Improper Implementation Vulnerability (CNVD-2021-84816)

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 94.0.4606.81 are vulnerable to improper sandbox implementation. An attacker could potentially bypass site quarantine via Windows by exploiting this vulnerability...

7.4CVSS4.9AI score0.01416EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.4 views

ZOHO ManageEngine ADManager Plus 代码问题漏洞

ZOHO ManageEngine ADManager Plus is a Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and help desk technicians with day-to-day administrative tasks, such as bulk management of user accounts and A...

9.8CVSS8.7AI score0.93401EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/09/22 8:37 p.m.48 views

Improperly Implemented path matching for in-toto-golang

Impact Authenticated attackers posing as functionaries i.e., within a trusted set of users for a layout are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys, may issue an attestation that contains a disallowed artifact ...

6.5CVSS3AI score0.00416EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/09/21 12:0 a.m.5 views

http4s 注入漏洞

http4s is an open source streaming HTTP server for Scala. http4s suffers from an injection vulnerability that arises from improper design or implementation during code development of a network system or product...

8.7CVSS6.6AI score0.01196EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.6 views

Samsung Mobile Device 代码问题漏洞

Samsung Mobile Device is a series of mobile smart devices from Samsung, a South Korean company. A security vulnerability exists in Samsung Mobile Device, which arises from an improper design or implementation of a networked system or product code development process...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/08 12:0 a.m.4 views

LINE for iOS 安全漏洞

Line for IOS is an instant messaging application based on the IOS platform. A security vulnerability exists in LINE for iOS that arises from improper design or implementation during code development of a networked system or product...

5.3CVSS5.8AI score0.00776EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/05 12:0 a.m.3 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that arises from improper design or implementation during code development of a network system or product...

9.8CVSS8.4AI score0.00741EPSS
Exploits0References2
Rows per page
Query Builder