165 matches found
Stanford CoreNlp 代码问题漏洞
Stanford CoreNlp is a suite of open source, natural language analysis tools written in Java by the Stanford Nlp Group team in the United States. Stanford corenlp has a code issue vulnerability that arises from improper design or implementation during code development of a networked system or...
TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value
Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...
GPAC 代码问题漏洞
GPAC is an open source multimedia framework. GPAC 1.0.1 contains a security vulnerability that stems from improper design or implementation during the development of code for a networked system or product, which could be exploited by an attacker to conduct a denial-of-service attack...
GPAC 代码问题漏洞
GPAC is an open source multimedia framework. GPAC 1.0.1 contains a security vulnerability that stems from improper design or implementation during the development of code for a networked system or product, which could be exploited by an attacker to conduct a denial-of-service attack...
JetBrains Ktor Licensing Issue Vulnerability
JetBrains Ktor is a web application framework from JetBrains Czech Republic. An authorization issue vulnerability exists in JetBrains Ktor prior to 1.6.4, which stems from improper implementation of nonce authentication in the OAuth2 authentication process. No detailed vulnerability details are...
Google Chrome referrer security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome due to an improper implementation of certain features in the product. A remote attacker could exploit the vulnerability to bypass security restrictions...
jsonpointer 安全漏洞
jsonpointer is an open source package for simple JSON addressing. jsonpointer suffers from a security vulnerability that stems from improper design or implementation during the development of code for a web-based system or product. No details of the vulnerability are currently available...
json-pointer 安全漏洞
Json-Pointer is an open source, Rfc 6901 described by Manuel Stofer, a Swiss individual developer of some utilities for Json pointers. json-pointer has a security vulnerability that stems from improper design or implementation during the code development of a web-based system or product. No...
Naver Whale Browser 安全漏洞
Naver Whale Browser is a web browser that supports user-defined interfaces from Naver, a South Korean company. A security vulnerability exists in Naver Whale Browser that arises from improper design or implementation during code development of a web system or product...
Google Chrome WebApp Installer improperly implemented vulnerability
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper implementation of WebApp Installer. An attacker could potentially override and spoof the content of the multi-function box URL bar via a crafted HTML page...
Alfresco 代码问题漏洞
Alfresco is an open source enterprise content management system. The platform pages are developed using Freemarker, and the main features include document management, collaboration, records management, knowledge base management, Web content management, etc. Alfresco has a security vulnerability...
Google Chrome Blink improperly implemented vulnerability (CNVD-2021-84806)
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper Blink implementation. An attacker could exploit this vulnerability to abuse content security policies via crafted HTML pages...
Modern-Async 资源管理错误漏洞
Modern-Async is a modern JavaScript tool library for asynchronous operations using Async/Await and Promise. A resource management error vulnerability exists in modern-async that arises from improper design or implementation during code development for a networked system or product...
Google Chrome Sandbox Improper Implementation Vulnerability (CNVD-2021-84816)
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 94.0.4606.81 are vulnerable to improper sandbox implementation. An attacker could potentially bypass site quarantine via Windows by exploiting this vulnerability...
ZOHO ManageEngine ADManager Plus 代码问题漏洞
ZOHO ManageEngine ADManager Plus is a Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and help desk technicians with day-to-day administrative tasks, such as bulk management of user accounts and A...
Improperly Implemented path matching for in-toto-golang
Impact Authenticated attackers posing as functionaries i.e., within a trusted set of users for a layout are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys, may issue an attestation that contains a disallowed artifact ...
http4s 注入漏洞
http4s is an open source streaming HTTP server for Scala. http4s suffers from an injection vulnerability that arises from improper design or implementation during code development of a network system or product...
Samsung Mobile Device 代码问题漏洞
Samsung Mobile Device is a series of mobile smart devices from Samsung, a South Korean company. A security vulnerability exists in Samsung Mobile Device, which arises from an improper design or implementation of a networked system or product code development process...
LINE for iOS 安全漏洞
Line for IOS is an instant messaging application based on the IOS platform. A security vulnerability exists in LINE for iOS that arises from improper design or implementation during code development of a networked system or product...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that arises from improper design or implementation during code development of a network system or product...