
1008 matches found

CNNVD
added 2022/03/29 12:00 a.m. | 2 views

Omron CX-Position Buffer Error Vulnerability

Omron CX-Position is position control software from Omron of Japan. It simplifies all aspects of position control, from creating and editing the data used in position control units (NC units) to online communication and monitoring operations. Omron CX-Position suffers from a buffer error vulnerability that...

7.8 CVSS | 8 AI score | 0.00205 EPSS
Exploits 0 | References 8

NVD
added 2022/03/18 6:15 p.m. | 20 views

CVE-2022-22659

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information...

6.5 CVSS | 0.00327 EPSS
Exploits 0 | References 1

Prion
added 2022/03/18 6:15 p.m. | 20 views

Null pointer dereference

A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service...

4 CVSS | 6.1 AI score | 0.01019 EPSS
Exploits 0 | References 6 | Affected Software 6

Microsoft CVE
added 2022/03/16 7:00 a.m. | 4 views

Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities to the best of our knowledge...

9.8 CVSS | 7 AI score | 0.00038 EPSS
Exploits 2

ATTACKERKB
added 2022/03/14 3:15 p.m. | 3 views

CVE-2022-0648

The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the orderpos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1 CVSS | 6.3 AI score | 0.0021 EPSS
Exploits 2 | References 2

OSV
added 2022/03/14 3:15 p.m. | 3 views

CVE-2022-0648

The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the orderpos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1 CVSS | 6.4 AI score
Exploits 0 | References 1

OSV
added 2022/02/15 1:57 a.m. | 21 views

GHSA-8W94-CF6G-C8MG Man-in-the-Middle (MitM)

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

6.9 CVSS | 7.9 AI score | 0.00675 EPSS
Exploits 0 | References 7

RedhatCVE
added 2022/02/01 9:33 a.m. | 30 views

CVE-2021-45951

Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

9.8 CVSS | 9.5 AI score | 0.00038 EPSS
Exploits 2 | References 3

Huntr
added 2022/01/24 3:41 a.m. | 15 views

Improper Privilege Management in liukuo362573/yishaadmin

Description Hi there, there is another improper privilege management in /admin/OrganizationManage/Position/GetFormJson Proof of Concept 1. Access the link http://106.14.124.170:80/admin/OrganizationManage/Position/GetFormJson?id=16508640061130139 2. See that the page return with position data...

1.6 AI score
Exploits 0

OSV
added 2022/01/19 5:20 p.m. | 1 views

DRUPAL-CORE-2022-001

jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issu...

6.4 AI score
Exploits 0 | References 1

Code423n4
added 2022/01/05 12:00 a.m. | 7 views

More than one historical lock-position may be represented by a single tokenId

Handle onewayfunction Vulnerability details Impact More than one historical lock-position may be represented by a single tokenId, violating the "uniqueness" property claimed by the xdefi-distribution repo's README.md. Proof of Concept The README.md says: The NFT's score is embedded in the tokenId...

6.9 AI score
Exploits 0

OSV
added 2022/01/01 12:15 a.m. | 5 views

CVE-2021-45952

Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

9.8 CVSS | 9.7 AI score
Exploits 0 | References 4

NVD
added 2022/01/01 12:15 a.m. | 15 views

CVE-2021-45951

Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

9.8 CVSS | 0.00038 EPSS
Exploits 1 | References 4

AlpineLinux
added 2022/01/01 12:15 a.m. | 27 views

CVE-2021-45951

DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."...

9.8 CVSS | 3.4 AI score | 0.00038 EPSS
Exploits 2

AlpineLinux
added 2022/01/01 12:15 a.m. | 19 views

CVE-2021-45954

DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."...

9.8 CVSS | 3.4 AI score | 0.00046 EPSS
Exploits 3

UbuntuCve
added 2022/01/01 12:15 a.m. | 16 views

CVE-2021-45954

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

9.8 CVSS | 7.4 AI score | 0.00046 EPSS
Exploits 1 | References 3

Prion
added 2022/01/01 12:15 a.m. | 28 views

Heap overflow

DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."...

7.5 CVSS | 9.5 AI score | 0.00046 EPSS
Exploits 3 | References 4 | Affected Software 1

Debian CVE
added 2021/12/31 11:53 p.m. | 15 views

CVE-2021-45952

Removed by vendor...

9.8 CVSS | 9.4 AI score | 0.00046 EPSS
Exploits 1

Cvelist
added 2021/12/31 11:53 p.m. | 27 views

CVE-2021-45957

Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

9.9 AI score | 0.00038 EPSS
Exploits 1 | References 4

Debian CVE
added 2021/12/31 11:53 p.m. | 30 views

CVE-2021-45957

Removed by vendor...

9.8 CVSS | 9.4 AI score | 0.00038 EPSS
Exploits 1