187 matches found
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the handling of Bluetooth Low Energy (BLE) fixed channels, such as SMP or ATT. An attacker can cause the target device to send disconnection requests for fixed channels, which is not permitted by the...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper validation in the path comparison process. An attacker can cause a crash or override the contents of a secure cookie by setting a cookie with the secure keyword for an HTTPS site, then redirecting to t...
Improper Handling of Unexpected Data Type
Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type when functions including List and SignWithFlags process successAgentMsg. This can be triggered by a malicious agent sending a single 0x06 byte (SSH_AGENT_SUCCESS), which is unmarshalled into a...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.bower:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a data: URL with...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the key exchange process. An attacker can cause gradual memory exhaustion and potential application crashes by repeatedly initiating key exchanges with incorrect guesses as an...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the processing of crafted TIFF files. An attacker can cause the application to crash by supplying a specially crafted file. Remediation A fix was pushed into the master branch but not yet published...
Integer Overflow to Buffer Overflow
Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow via the PSD Image Decoding functionality. An attacker can execute arbitrary code by supplying a specially crafted .psd file that triggers an integer overflow during stride calculation, leading to a...
Integer Overflow to Buffer Overflow
Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow via the WebP Image Decoding functionality. An attacker can execute arbitrary code by enticing a user to open a specially crafted .webp animation file, which triggers an integer overflow during stride...
Open Redirect
Amendment This was deemed not a vulnerability. Overview org.webjars.npm:koa is a Koa web app framework. Affected versions of this package are vulnerable to Open Redirect via the redirect function in lib/response.js due to improper input sanitization. An attacker can redirect users to arbitrary...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the CBOR data processing. An attacker can gain elevated privileges by providing specially crafted input that triggers excessive recursive calls. Remediation A fix was pushed into t...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow in the setrow function. An attacker can cause application instability and potentially execute arbitrary code by supplying a specially crafted image file that triggers improper bounds checking during row data assignment...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the calculation of the session ID during the key exchange process. An attacker can cause a crash of SSH clients or servers by triggering an allocation failure in cryptographic functions. Remediation Upgrade...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the DDL component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Details Denial of Service (DoS) describes a family of attacks, al...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the DML component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Details Denial of Service (DoS) describes a family of attacks, all aimed at making a...
Use After Free
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via improper handling of possible socket destruction in P2PSocketTcpBase. An attacker can...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the gnutlsfigurecommonciphersuite function. Remediation A fix was pushed into the master branch but not yet published. References - Fix Commit - PoC - Red Hat Bugzilla Bug - Release Notes Credit: Stefan Bühl...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the stack-overflow handler in ljstate.c. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Gist - GitHub Issue Credit: Kutyavin Maxim...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the snapunsink function in ljsnap.c.c, which the IRFSTORE process uses when handling a NULL metatable. An attacker can cause the application to crash or become unresponsive by triggering this condition...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...