Lucene search
K

165 matches found

NVD
NVD
added 2022/03/10 5:43 p.m.16 views

CVE-2021-40055

There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity...

7.1CVSS0.00506EPSS
Exploits0References2
OSV
OSV
added 2022/03/10 5:43 p.m.5 views

CVE-2021-40055

There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity...

5.9CVSS6.2AI score0.00506EPSS
Exploits0References2
Prion
Prion
added 2022/03/10 5:43 p.m.28 views

Design/Logic Flaw

There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity...

7.1CVSS5.7AI score0.00506EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2022/03/07 1:50 p.m.21 views

CVE-2021-40055

There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity...

5.9AI score0.00506EPSS
Exploits0References2
CVE
CVE
added 2022/03/07 1:50 p.m.98 views

CVE-2021-40055

CVE-2021-40055 describes a man-in-the-middle attack vulnerability during system update download in recovery mode that can compromise integrity. Connected records corroborate this as a MITM issue affecting Huawei EMUI and Magic UI (Android-based). The NVD details indicate impact to integrity (I) a...

7.1CVSS5.6AI score0.00506EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2022/02/09 11:15 p.m.3 views

CVE-2021-40045

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality...

5.5CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2022/02/09 11:15 p.m.23 views

CVE-2021-40045

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality...

5.5CVSS0.00152EPSS
Exploits0References2
Prion
Prion
added 2022/02/09 11:15 p.m.19 views

Privilege escalation

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality...

2.1CVSS5.5AI score0.00152EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2022/02/09 10:3 p.m.110 views

CVE-2021-40045

CVE-2021-40045 concerns Huawei HarmonyOS (Wearables recovery upgrade system) where the signature verification mechanism can fail during system upgrade in recovery mode. The underlying vulnerability is a signature verification failure that can affect confidentiality of service. The NVD entry notes...

5.5CVSS5.5AI score0.00152EPSS
Exploits0References2Affected Software3
Code423n4
Code423n4
added 2021/12/01 12:0 a.m.10 views

Unable to remove liquidity in Recovery Mode

Handle gzeon Vulnerability details Impact According to When the Malt price TWAP drops below a specified threshold eg 2% below peg then the protocol will revert any transaction that tries to remove Malt from the AMM pool ie buying Malt or removing liquidity. Users wanting to remove liquidity can...

6.8AI score
Exploits0
OSV
OSV
added 2021/08/05 4:56 p.m.16 views

GHSA-XH2P-7P87-FHGH Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode

TCR is temporarily miscalculated in the batchLiquidateTroves function during Recovery Mode. The bug lies in batchLiquidateTroves of TroveManager. When calculating system's entire collateral, we should also exclude the liquidated trove's surplus collateral, since liquidation closes the trove and...

3.1CVSS6.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/08/05 4:56 p.m.44 views

Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode

TCR is temporarily miscalculated in the batchLiquidateTroves function during Recovery Mode. The bug lies in batchLiquidateTroves of TroveManager. When calculating system's entire collateral, we should also exclude the liquidated trove's surplus collateral, since liquidation closes the trove and...

0.2AI score
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2021/06/29 4:38 p.m.11 views

libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode

A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...

5.9CVSS7.1AI score0.03503EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2021/05/20 7:0 a.m.4 views

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

...

5.9CVSS7AI score0.03503EPSS
Exploits0
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

DEBIAN-CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS7AI score0.03503EPSS
Exploits0References1
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

ALPINE-CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS6.8AI score0.03503EPSS
Exploits0References1
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

UBUNTU-CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS6.7AI score0.03503EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2021/05/14 7:50 p.m.52 views

CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS7.9AI score0.03503EPSS
Exploits0
Veracode
Veracode
added 2021/05/08 2:26 p.m.35 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service. It is due to a NULL pointer dereference when post-validating mix content parsed in recovery mode...

5.9CVSS4.1AI score0.03503EPSS
Exploits0References12Affected Software16
Positive Technologies
Positive Technologies
added 2021/04/30 12:0 a.m.9 views

PT-2021-4589

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.11 Description The issue is related to the libxml2 library's parser component, which fails to propagate errors when parsing XML content. This can be exploited by a remote attacker using a specially crafted XML...

10CVSS7AI score0.52063EPSS
Exploits23References146
Rows per page
Query Builder