7654 matches found
ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS inodes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes from the MFT , proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Multiple Vulnerabilities (NS-SA-2022-0009)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ovmf packages installed that are affected by multiple vulnerabilities: - Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service vi...
CVE-2022-20792
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...
PT-2022-3361 · Weblizar · School Management Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: School Management WordPress plugin versions prior to 9.9.7 Description: The issue is related to an obfuscated backdoor injected in the license checking code of the School Management WordPress plugin, which registers a REST API handler. This...
MediaTek 芯片安全漏洞
MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. The MediaTek chips are affected by a security vulnerability that stems from a lack of privilege checking, which can be exploited by an attacker to cause a local privilege escalation. The following products and versio...
MediaTek 芯片安全漏洞
MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in the MediaTek chips, which stems from a lack of privilege checking, and can be exploited by an attacker to disclose local information. The following products and versions are...
Design/Logic Flaw
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This can allow an attacker to add/modify properties o...
Jetbrains JetBrains IntelliJ IDEA 访问控制错误漏洞
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from Jetbrains Czech Republic.JetBrains IntelliJ IDEA versions prior to 2022.1 are vulnerable to an access control error vulnerability that stems from a flaw in source checking in the internal web server...
Google Android elevation of privilege vulnerability (CNVD-2022-43233)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from a lack of privilege checking in TBD's TBD, which can be exploited to bypass PIN validation to access PIN-protected settings. An attacker...
GSD-2022-1002027 can: mcba_usb: properly check endpoint type
can: mcbausb: properly check endpoint type This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...
Google Android Information Disclosure Vulnerability (CNVD-2022-44553)
Google Android is a Linux-based open source operating system from Google, Inc. An information disclosure vulnerability exists in l2cbleprocesssigcmd in l2cble.cc, which could result in an out-of-bounds read due to a lack of boundary checking. . The vulnerability can be exploited by attackers to...
transfer or transferFrom without checking the boolean result
It was found some transfer, approve or transferFrom without checking the boolean result, ERC20 standard specify that the token can return false if this call was not made, so it's mandatory to check the result of approve methods. CoreCollection.solL175 ERC721Payable.solL54 --- The text was updated...
Wordpress permission check error vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers, and a permission checking error vulnerability exists in Wordpress, which stems from the wp-admin/press-this.php script that...
Slackware: Security Advisory (SSA:2019-135-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware: Security Advisory (SSA:2014-013-02)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
no spoofing protection on email domain (No Valid SPF Records.)
What Is SPF/TXT Records? An SPF record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Checking...
Google Android Buffer Overflow Vulnerability (CNVD-2022-44551)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android has a buffer overflow vulnerability that originates in the TBD of the TBD, which can be read out of bounds due to a lack of boundary checking and can be exploited by attackers to cause local information...