CVE-2017-16310

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

CVE-2021-26407

A randomly generated Initialization Vector IV may lead to a collision of IVs with the same key potentially resulting in information disclosure...

CVE-2021-26407

A randomly generated Initialization Vector IV may lead to a collision of IVs with the same key potentially resulting in information disclosure...

PT-2023-10544 · Smarthome · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel. Specially crafted commands sent through the PubNub service can cause a stack-based buffer...

CVE-2021-26407

A randomly generated Initialization Vector IV may lead to a collision of IVs with the same key potentially resulting in information disclosure...

CVE-2021-26407

A randomly generated Initialization Vector IV may lead to a collision of IVs with the same key potentially resulting in information disclosure...

CVE-2021-26407

CVE-2021-26407 describes an information-disclosure risk from a collision of randomly generated IVs with the same key. Public references in AMD security bulletins enumerate affected AMD EPYC platforms and related components (ASP, SMU, SEV) and document mitigation steps via firmware/AGESA updates. ...

UBUNTU-CVE-2023-0135

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. Chromium security severity: Medium...

PT-2023-1488 · Amd · Amd System Management Unit +2

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified AMD System Management Unit SMU affected versions not specified AMD Secure Encrypted Virtualization SEV affected versions not specified Description: The issue is related to errors in...

AMD Server Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1032 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

PT-2023-18514 · Unknown · Svg-Sanitizer

Name of the Vulnerable Software and Affected Versions: sanitize-svg versions prior to 0.4.0 Description: The sanitize-svg package uses a deny-list-pattern to sanitize SVGs and prevent cross-site scripting attacks. However, literal -tags and on-event handlers were detected in versions prior to...

TokenggAVAX.sol : First depositor can break minting of shares

Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...

prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior

In function Table::asref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrinktofit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined...

memos 安全漏洞

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos, which can be exploited by an attacker to change a user's language preference...

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

Microsoft's decision to block Visual Basic for Applications VBA macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat APT actors and commodity malware...

CVE-2020-36562

Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector...

CVE-2021-4235 Denial of service in gopkg.in/yaml.v2

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

memos 跨站脚本漏洞

memos is an open source hosted memo center with knowledge management and social features. A cross-site scripting vulnerability exists in memos, which originates when a user uploads a file with the extension .svg and accesses it directly, the server responds with Content-type: image/svg+xml causin...

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

CVE-2022-40011

Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin...