9106 matches found
CVE-2023-0628
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...
CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...
Docker Desktop 命令注入漏洞
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
CVE-2022-40530
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase...
Akuvox E11 安全特征问题漏洞
Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that stems from the inclusion of a feature that encrypts a message and then forwards it.The IV vector and key are static, which could allow an attacker to...
Authorization
NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...
CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth
NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...
CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth
NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...
Debian: Security Advisory (DLA-288-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-40530
CVE-2022-40530 describes memory corruption in WLAN caused by an integer overflow that progresses to a buffer overflow during WLAN initialization. The issue is documented in Qualcomm closed-source WLAN components and is reflected in multiple sources (NVD/Red Hat/CVE lists); exploitation status and...
CVE-2022-40530 Integer overflow to buffer overflow in WLAN
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase...
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater...
ReaperBaseStrategyv4 is not Initializable
Lines of code Vulnerability details Impact ReaperStrategyGranarySupplyOnly calls function ReaperBaseStrategyinit from ReaperBaseStrategyv4, but ReaperBaseStrategyv4 is not Initializable. If the ReaperBaseStrategyinit function is not called during contract initialization, it can cause critical...
Address(0) check on array of addresses is not performed
Lines of code Vulnerability details Impact Likelihood-Impact = Severity Low-High = Medium Proof of Concept function initialize address vault, address memory strategists, address memory multisigRoles,// @audit array both length check IAToken gWant calls to another ReaperBaseStrategyinit in contrac...
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater...
PT-2023-35468 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.168 Description: The issue is related to the zero-initialization of the zlib workspace in btrfs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...
Contract not initialized after deployment
Lines of code Vulnerability details Impact In ReaperStrategyGranarySupplyOnly.sol, the initialize function is not called after deployment. Left open to unintended behaviour and/or an attacker calling the initialize function, gaining control of core permissions and functions, as highlighted in the...
PT-2023-35415 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.12 Description: The issue concerns the initialization of the zlib workspace in btrfs. It has been noted that the zlib workspace is not properly zero-initialized, which may potentially lead to security issue...
PT-2023-13814 · Qualcomm · Snapdragon +171
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in WLAN due to an integer overflow leading to a buffer overflow during the initialization phase. No information is...
USN-5925-1 linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...