Apple Mac OS X Security Update (HT213185)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple Mac OS X Security Update (HT212979)
Apple Mac OS X is prone to multiple vulnerabilities...
Apple Mac OS X Security Update (HT212981)
Apple Mac OS X is prone to multiple vulnerabilities...
Apple Mac OS X Security Update (HT213184)
Apple Mac OS X is prone to multiple vulnerabilities...
node-lmdb security vulnerability
node-lmdb is a Node.js binding for LMDB by the individual developer Timur Kristof of Hungary. A security vulnerability exists in node-lmdb that stems from node-lmdb's susceptibility to denial-of-service (DoS) attacks when defining uncallable ToString values. Successful exploitation will result in a...
Samsung UWB stack buffer overflow vulnerability
Samsung UWB is a wireless technology used by Samsung mobile devices that allows smartphones to connect and communicate directly with your car. A buffer overflow vulnerability exists in the Samsung UWB stack, which stems from a boundary checking error in the UWB stack. An attacker could...
About the security content of GarageBand 10.4.6
This document describes the security content of GarageBand 10.4.6. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases ar...
Unrestricted Upload of File with Dangerous Type
Description Malicious user can bypass checking and upload .phtm or .php6 file which leads to stored XSS. Proof of Concept - Step 1: Login as admin at https://demo.microweber.org/demo/admin/ - Step 2: Go to Websites setting and Edit any page https://demo.microweber.org/demo/admin/page/24/edit -...
Buffer error vulnerability in multiple MediaTek products
MediaTek Mt Series is a series of smartphone chips from China's MediaTek. A security vulnerability exists in several MediaTek products, which stems from a lack of boundary checking in the preloader usb, which may result in out-of-bounds writes. The following products and versions are affected:...
Nextcloud server authorization issue vulnerability (CNVD-2022-20692)
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud server is a self-hosted system designed to provide cloud-style services. Nextcloud server is vulnerable to an authorization issue that stems from a lack of...
Buffer error vulnerability in multiple MediaTek products
MediaTek Mt Series is a series of smartphone chips from China's MediaTek. A security vulnerability exists in several MediaTek products, which stems from a lack of boundary checking in the preloader usb, which may result in out-of-bounds writes. The following products and versions are affected:...
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Impact: Any configuration on any maddy version 0.5.4 using auth.pam is affected. No password expiry or account expiry checking is done when authenticating using PAM. Patches: Patch is available as part of the 0.5.4 release. Workarounds: If /etc/shadow authentication is used, it is possible to replac...
CVE-2021-40056
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability...
CVE-2021-40062
CVE-2021-40062 is described across multiple sources as a buffer overflow in Huawei EMUI/Magic UI video framework caused by copying the input buffer without size checks. This leads to a denial-of-service impact (availability). The connected CNVD/CNNVD entries corroborate a Huawei Android-based EMU...
Google Android security vulnerability
Google Android is a Linux-based open-source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a privilege checking error. An attacker could exploit this vulnerability to elevate local privileges...
The vulnerability in the web interface for controlling Cisco Expressway Series and Cisco Telepresence VCS devices allows a hacker to execute arbitrary code as a root user.
The vulnerability of the Web interface for controlling Cisco Expressway Series and Cisco Telepresence VCS devices is related to insufficient checking of the command arguments entered by users. Exploiting this vulnerability allows a malicious actor to execute arbitrary code as a root user remotely...
openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2022:0705-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0705-1 advisory. - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2,...
OPENSUSE-SU-2022:0705-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc1196133): - CVE-2022-22620: Processing maliciously crafted web content may have led to arbitrary code execution. Update to version 2.34.5 (bsc1195735): - CVE-2022-22589: A validation issue was addressed with improve...
DepositBoxERC20 does not support fee-on-transfer token
Lines of code. Vulnerability details. Impact: The transferred amount is saved without checking the actual amount of token received after the transfer. Proof of Concept: saveTransferredAmount(schainHash, erc20OnMainnet, amount); require(ERC20Upgradeable(erc20OnMainnet).transferFrom(msg.sender, address(this),...
Cross-site Scripting (XSS) - Stored
Description Autolab is vulnerable to stored cross-site-scripting in the upload files functionality in courses feature, this can be used to execute XSS attack against the victim who is a student/teacher. Steps to Reproduce PoC 1 login to autolab 2 go to...