4 matches found
Improper validation of intent data received in TextViewerActivity allows opening of arbitrary files in hamza417/inure
Description Tested on Build89 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. The...
Operator may be removed without checking whether are there fund locked in that operator.
Lines of code Vulnerability details Impact Operator may be removed without checking whether are there fund locked in that operator. Locked fund may not be able to withdraw unless operator is being added back. Proof of Concept /// @inheritdoc INestedFactory function removeOperatorbytes32 operator...
CVE-2021-43105
Technitium DNS Server vulnerabilities: A bailiwick checking function flaw in versions ≤ 7.0 allows malicious users to inject NS records of any domain (even TLDs) into the cache, enabling DNS cache poisoning. The PT-2022-11786 entry and CNNVD/CVE references corroborate this, stating the impact as ...
The vulnerability of the fill-checking function in the AES-NI implementation of the OpenSSL library allows a perpetrator to gain unauthorized access to confidential data.
The vulnerability of the fill-checking function in the AES-NI implementation of the OpenSSL library is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to confidential data...