Mozilla Firefox code issue vulnerability (CNVD-2023-03065)

A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...

radare2 code issue vulnerability (CNVD-2023-06084)

radare2 is a set of libraries and tools for working with binary files. radare2 versions prior to 5.8.2 are vulnerable to a code issue that stems from NULL pointer dereferencing. No detailed vulnerability details are currently available...

Ariadne Component Library 代码问题漏洞

Ariadne Component Library is a set of url, http and xss components for Ariadne CMS open source. A code issue vulnerability exists in Ariadne Component Library version 2.x and prior versions. An attacker could exploit this vulnerability to perform server-side request forgery attacks...

Microweber 代码问题漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A code issue vulnerability exists in Microweber versions prior to 1.3.2, which stems fro...

CVE-2022-31740

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

FFmpeg Code Problem Vulnerability (CNVD-2024-31520)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. FFmpeg has a code issue vulnerability that stems from the vp3decodeframe function in its libavcodec/vp3.c file that does not reasonably check the return result of the avmalloc function, whi...

Adobe Experience Manager 代码问题漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A co...

TYPO3 代码问题漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A code issue vulnerability exists in TYPO3 Core, which can be exploited by an attacker to bypass TYPO3 Core restrictions via a password reset session expiration in order to gain user...

Linux kernel 代码问题漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A code issue vulnerability exists in the Linux kernel that stems from an unchecked rtwallochwxmits return that causes a null pointer dereference...

ThinkPHP 代码问题漏洞

Top Think Information Technology ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Think Information Technology Company. A code issue vulnerability exists in ThinkPHP version 5.1.41 and 5.0.24, which stems from the presence of a code logic...

Super Xray Code Issue Vulnerability

Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A code issue exists in versions of Super Xray prior to 0.7, which stems from a program configuration that confirms that trusted inputs will be stored in a yaml file, which can be exploited by an attacker with...

Super Xray 代码问题漏洞

Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A code issue exists in versions of Super Xray prior to 0.7, which stems from a program configuration that confirms that trusted inputs will be stored in a yaml file, which can be exploited by an attacker with...

Google TensorFlow code issue vulnerability (CNVD-2022-80679)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which results from pywrap code failing to parse a tensor and returning an uncaught "nullptr" if a list of quantified tensors is assigned to an...

Bouncy Castle BC Code Issue Vulnerability

Bouncy Castle BC is a cryptographic library for C and Java applications organized by Bouncy Castle. A code issue vulnerability exists in Bouncy Castle BC-FJA versions prior to 1.0.2.4, which stems from a temporary key used by the BC-FJA FIPS module that may be zeroed out while the module is still...

Upgraded Q -> M from #307 [1669043813221]

Judge has assessed an item in Issue 307 as M risk. The relevant finding follows: L-1. Wrong comparison sign Description The function swapAVAXForExactTokens will revert when msg.value amountsIn0 because amountsIn0 - msg.value will always cause underflow. Solidity version ^0.8.0 is used, so it will...

KubeVela 代码问题漏洞

KubeVela is a modern application delivery platform open-sourced by KubeVela. A code issue vulnerability exists in KubeVela. An attacker exploits this vulnerability to perform a server-side request forgery attack...

Rdiffweb 代码问题漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. A code issue vulnerability exists in rdiffweb versions prior to 2.5.0, where the source session expires insufficiently...

Foxit Reader Code Issue Vulnerability (CNVD-2023-07829)

Foxit Reader is a PDF document reader from Foxit China. Foxit Reader is vulnerable to a code issue that could be exploited by attackers to execute malicious DLL files...

Foxit Reader 代码问题漏洞

Foxit Reader is a PDF document reader from Foxit China. Foxit Reader is vulnerable to a code issue that could be exploited by attackers to execute malicious DLL files...

Cisco Firepower Threat Defense 代码问题漏洞

Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services. A code issue vulnerability exists in Cisco Firepower Threat Defense FTD Software that stems from a lack of error checking when interacting with its SIP and Snort 3 for...