Authentication flaw

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site,...

CVE-2023-41704

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved...

Stack overflow

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution...

MISP Code Issue Vulnerability

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A code issue vulnerability exists in versions of MISP prior to 2.4.184, which stems from ...

KiTTY Buffer Error Vulnerability

KiTTY is a lightweight telnet and WindowsSSH client and a PuTTY-based xword terminal emulator. A buffer error vulnerability exists in KiTTY 0.76.1.13 and earlier versions, which stems from insufficient bounds checking and input cleanup, and a stack-based buffer overflow that can lead to arbitrary...

CVE-2024-25003

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution...

EulerOS 2.0 SP9 : mozjs60 (EulerOS-SA-2024-1181)

According to the versions of the mozjs60 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable cras...

CentOS 8 : thunderbird (CESA-2023:3221)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:3221 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...

EulerOS 2.0 SP5 : shim-signed (EulerOS-SA-2024-1165)

According to the versions of the shim-signed package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact...

CVE-2024-24563

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...

CVE-2024-24563 Vyper array negative index vulnerability

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...

Google Pixel 缓冲区错误漏洞

Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of boundary checking. An attacker can exploit the vulnerability to escalate privileges...

CVE-2023-33072 Buffer copy without checking size of Input in Core

Memory corruption in Core while processing control functions...

CVE-2023-33058 Buffer Copy Without Checking Size of Input in Modem

Information disclosure in Modem while processing SIB5...

Denial Of Service (DoS)

github.com/tidwall/gjson is vulnerable to Denial Of Service DoS. The vulnerability is due to improper bounds checking during JSON parsing within gjson.go. This can leads to DoS if the application parses untrusted input...

MediaTek Chip Security Breach

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from a lack of boundary checking in the TVAPI module, which may result in out-of-bounds writes...

MediaTek Chip Security Breach

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from a lack of boundary checking in the TVAPI module, which may result in out-of-bounds writes...

Integer Overflow

ffmpeg is vulnerable to Integer Overflow. The vulnerability is due to improper bounds checking for integers. This allows attackers to perform a DoS via the avcodec/osq module...

Integer Overflow

ffmpeg is vulnerable to Integer Overflow. The vulnerability is due to lack of bound checking for integer.This allows remote attackers to execute arbitrary code via the jpegxlanimreadpacket component in the JPEG XL Animation decoder...