GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access
Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2022-50411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACPICA: Fix error code path in acpi_ds_call_control_method A use-after-free in acpi_ps_parse_aml after a failing invocation of acpi_ds_call_control_method is reported by...
UBUNTU-CVE-2022-50411
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method A use-after-free in acpi_ps_parse_aml after a failing invocation of acpi_ds_call_control_method is reported by KASAN [1] and code inspection reveals that next_walk_state pushed to the...
view_component Cross-site Scripting vulnerability
Impact What kind of vulnerability is it? Who is impacted? This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the viewcomponent gem. Note that only components that define a call method i.e. instead of using a sidecar template...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the call and output_postamble methods. An attacker can inject malicious scripts that may be executed in the context of the user's browser session by...
Send Ether will call instead of transfer
Lines of code Vulnerability details Impact transfer() automatically forwards exactly 2300 gas to the receiving contract. This limitation can restrict a smart contract's ability to interact with other contracts that require more gas for their operations (such as receiving ETH), leading to failed transactio...
SUSE CVE-2015-7657
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary...
SUSE CVE-2016-0994
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execu...
Use of transfer() instead of call() to send eth
Lines of code Vulnerability details Use of transfer instead of call to send eth Impact Use of transfer might render ETH impossible to withdraw because after the Istanbul hardfork there is an increase in the gas cost of the SLOAD operation, which breaks some existing smart contracts. Those...
Usage of deprecated transfer to send ETH
Lines of code Vulnerability details Impact Transaction can revert Proof of Concept The original transfer used to send ETH uses a fixed stipend of 2300 gas. This was used to prevent reentrancy. However, this limits your protocol's ability to interact with other contracts that need more than that to process...
Usage of deprecated transfer to send ETH in VaultsCore.sol
Lines of code Vulnerability details Impact Smart contract is not robust as it depends on gas cost, so it can fail in some circumstances. PoC The usage of transfer to send ETH is widely considered a bad practice as it limits the gas usage to 2300. `msg.sender.transfer(amount);` @Audit deprecated transf...
ALMOST DEPRECATED TRANSFER() IS USED TO WITHDRAW ETHER
Lines of code Vulnerability details Impact transfer function can cause withdrawal to fail Proof of Concept `function withdraw(address assetAddress, address to, uint256 amount) public { LibDiamond.enforceIsContractOwner(); address sendTo = to == address(0) ? msg.sender : to; uint256 assetBalance; if...`
use of transfer() instead of call() to send eth
Handle JMukesh Vulnerability details Impact Use of transfer might render ETH impossible to withdraw because after the Istanbul hardfork there is an increase in the gas cost of the SLOAD operation, which breaks some existing smart contracts. Those contracts will break because their fallback...
Use of transfer() instead of call() to send eth
Handle JMukesh Vulnerability details Impact Use of transfer might render ETH impossible to withdraw because after the Istanbul hardfork there is an increase in the gas cost of the SLOAD operation, which breaks some existing smart contracts. Those contracts will break because their fallback...
UBUNTU-CVE-2016-0994
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execu...
UBUNTU-CVE-2015-7657
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary...
flash-plugin: multiple code execution issues fixed in APSB15-28
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary...
OPC UA Call Method Request Command
...