94 matches found
CVE-2023-21022
In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack PoC Exploit shortcode: wpdarkmode class='" onmouseover="alert1"'...
Cross-site Scripting (XSS)
org.apache.sling.cms.ui is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the library does not properly encode the resource.path variable before being rendered, allowing an attacker to inject and execute malicious JavaScript through the site group feature...
10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...
CVE-2022-46881
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106...
depositAndTrade function is incomplete & does not use returnValue of UniswapV3 router
Lines of code Vulnerability details Impact depositAndTrade function seems to be incomplete - the tokenOutput from swapRouter is currently owned by DepositTradeHelper account and needs to be transferred back to msg.sender who initiated this transaction. Since this contract doesn't seem to be part ...
Product list Widget for Woocommerce <= 1.0 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high privilege one like admin. Make any unauthenticated or authenticated users su...
GSD-2022-1007587 drivers: serial: jsm: fix some leaks in probe
drivers: serial: jsm: fix some leaks in probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.296 by commit...
GSD-2022-1006874 staging: greybus: audio_helper: remove unused and wrong debugfs usage
staging: greybus: audiohelper: remove unused and wrong debugfs usage This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006319 netfilter: nf_tables: fix null deref due to zeroed list head
netfilter: nftables: fix null deref due to zeroed list head This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.326 by commit...
CVE-2022-35014
Advancecomp v2.3 contains a segmentation fault...
CVE-2022-29816
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible...
GSD-2022-1000919 net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
net: arcnet: com20020: Fix null-ptr-deref in com20020pciprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.270 by commit...
Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites
Patches have been issued to contain a "severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards...
CVE-2022-24916
Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction...
Attacker can break joinTokenSingle() by transferring basketToken to the contract
Handle WatchPug Vulnerability details uint256 outputAmount = outputToken.balanceOfaddressthis; require outputAmount == joinTokenStruct.outputAmount, "FAILEDOUTPUTAMOUNT" ; In the current implementation, joinTokenSingle requires balanceOf outputToken strictly equal to outputAmount in calldata...
GSD-2021-1002299 usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
usb: typec: tipd: Remove WARNON in tps6598xblockread This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.82 by commit...
Wrong implementation of SwapUtils.sol#rampTargetPrice() makes it impossible to change the target price
Handle WatchPug Vulnerability details uint256 initialTargetPricePrecise = getTargetPricePreciseself; uint256 futureTargetPricePrecise = futureTargetPrice.mulTARGETPRICEPRECISION; if futureTargetPricePrecise = initialTargetPricePrecise, "futureTargetPrice is too small" ; else require...
in adodb/adodb
Description An attacker can inject values into the PostgreSQL connection string by bypassing adodbaddslashes . The function can be bypassed in phppgadmin for example by surrounding the username in quotes and submitting with other parameters injected in between. Proof of Concept I'm going to use...
Re-entrancy in settleAuction allow stealing all funds
Handle cmichel Vulnerability details Note that the Basket contract approved the Auction contract with all tokens and the settleAuction function allows the auction bonder to transfer all funds out of the basket to themselves. The only limiting factor is the check afterwards that needs to be abided...