8231 matches found
memos cross-site scripting vulnerability
memos is an open source hosted memo center with knowledge management and social features. A cross-site scripting vulnerability exists in versions of memos prior to 0.9.0, which stems from its Resource component that allows an attacker to upload a malicious SVG file to enable cross-site scripting...
Heap overflow
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...
CVE-2022-28284
SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security, so Gecko's implementation was aligned with...
CVE-2022-4641
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...
Design/Logic Flaw
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...
CVE-2022-4641 pig-vector LogisticRegression.java LogisticRegression temp file
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. T...
pig-vector security vulnerability
pig-vector is a library from the individual developer Ted Dunning. It provides the ability to encode data in Pig using Mahout's hash encoding capabilities. A security vulnerability exists in pig-vector that stems from the LogisticRegression function in its...
CVE-2022-4641
CVE-2022-4641 affects the pig-vector project, specifically the LogisticRegression.java function in src/main/java/org/apache/mahout/pig/. The issue is described as manipulating the creation of an insecure temporary file, enabling a local attacker to exploit it. The vulnerability is tied to a patch...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07316)
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigation measures such as ASLR and cause sensitive memory leaks...
First depositor can break minting of shares
Lines of code. Vulnerability details. Impact: The attack vector and impact are the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept: In Pair.add, the amount of LP token...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07318)
Adobe Illustrator is a set of vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07315)
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigation measures such as ASLR and cause sensitive memory leaks...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07317)
Adobe Illustrator is a set of vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...
PT-2022-14748 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: A side channel information disclosure issue exists in the WifiManager.java file, specifically in the registerLocalOnlyHotspotSoftApCallback function. This issue could allow an attacker to determine...
Design/Logic Flaw
Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...
Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages
NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted in over 144,000 packages being published by unknown threat actors. "The packages were part of a new attack vector, with attackers spamming the open source ecosystem with packages containing links to phishing...
CVE-2022-23507 Light client verification not taking into account chain ID
Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...
Tendermint light client verification not taking into account chain ID
Impact: Anyone using the tendermint-light-client and related packages to perform light client verification, e.g. IBC-rs, Hermes. At present, the light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a...