1436 matches found

Vulnrichment
added 2023/06/02 12:0 a.m. | 7 views

CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

6.4 AI score | 0.00104 EPSS
Exploits: 0 | References: 4
Code423n4
added 2023/06/01 12:0 a.m. | 6 views

rwar

Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assess...

7.1 AI score
Exploits: 0
OSV
added 2023/06/01 12:0 a.m. | 4 views

PUB-A-216854451

In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5 CVSS | 6.7 AI score | 0.0128 EPSS
Exploits: 0 | References: 1
CNVD
added 2023/05/17 12:0 a.m. | 7 views

Schneider Electric Modicon M580, Modicon M340 Code Issue Vulnerabilities

The Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric Modicon M580 prior to version 4.10, Modicon M340 CPU prior to version 3.51, which can be exploited by an attacker to cause a...

6.5 CVSS | 6.8 AI score | 0.00278 EPSS
Exploits: 0 | References: 1
Code423n4
added 2023/05/15 12:0 a.m. | 7 views

[H1] Incorrect constant set at WhitePaperInterestRateModel

Lines of code Vulnerability details Impact Incorrect calculation of critical parameters like baseRatePerBlock. Proof of Concept The constant blocksPerYear is incorrectly set uint256 public constant blocksPerYear = 2102400; // @audit 15 seconds per block However, for Binance Smart Chain the blocks...

7 AI score
Exploits: 0
CNNVD
added 2023/05/12 12:0 a.m. | 4 views

PTC Vuforia Studio Code Issue Vulnerability

PTC Vuforia Studio is an easy-to-use, web-native tool from PTC for authoring domain and task-specific experiences. These experiences provide integrated views of digital and physical product data, dashboards, and alerts through 2D, 3D, and augmented reality. A code issue vulnerability exists in PT...

9.9 CVSS | 8.7 AI score | 0.00066 EPSS
Exploits: 0 | References: 3
Code423n4
added 2023/05/11 12:0 a.m. | 12 views

Incorrect Calculation of Max Amount of Quote Tokens in moveLiquidity() Function in PositionManager.sol.

Lines of code Vulnerability details Impact The updateInterest function is called before retrieving the fromPosition value from positionsparams.tokenIdparams.fromIndex in the moveLiquidity function. This means that the bucketDeposit value may not reflect the current accrued interest, which can...

6.7 AI score
Exploits: 0
Code423n4
added 2023/05/11 12:0 a.m. | 6 views

It is possible to steal the unallocated part of every delegation period budget

Lines of code Vulnerability details Attacker can monitor the standard proposals distribution and routinely steal each low activity period remainder by submitting a transfer to self proposal and voting a dust amount for it. Since the criteria for the final slate update is that any increase in tota...

6.7 AI score
Exploits: 0
CNNVD
added 2023/05/09 12:0 a.m. | 3 views

UNISOC Chipsets Code Issue Vulnerability

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in the UNISOC Chipsets soter service module, which stems from a lack of privilege checking...

5.5 CVSS | 5.7 AI score | 0.00014 EPSS
Exploits: 0 | References: 3
CNNVD
added 2023/05/09 12:0 a.m. | 2 views

Ivanti Avalanche Code Issue Vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A code issue vulnerability exists in Ivanti Avalanche version 6.3.x and prior versions, which stems from a failure ...

7.2 CVSS | 7.2 AI score | 0.87967 EPSS
Exploits: 3 | References: 4
Code423n4
added 2023/05/04 12:0 a.m. | 8 views

[M-1] Potential DoS attack due to unchecked array lengths in loop

Lines of code Vulnerability details M-1 Potential DoS attack due to unchecked array lengths in loop Impact If strategies and shares have different lengths and the code uses them in a loop without checking their lengths, it could potentially cause an out-of-bounds error, which could lead to a...

7.1 AI score
Exploits: 0
Cvelist
added 2023/04/19 12:0 a.m. | 9 views

CVE-2023-21081

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

8 AI score | 0.0002 EPSS
Exploits: 0 | References: 1
CNNVD
added 2023/04/18 12:0 a.m. | 1 views

Schneider Electric EcoStruxure Power Monitoring Expert Code Issue Vulnerability

The Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric France that is used to perform power distribution monitoring in IoT environments. The Schneider Electric EcoStruxure Power Monitoring Expert has a code issue vulnerability that stems from the presence o...

8.8 CVSS | 7.9 AI score | 0.00167 EPSS
Exploits: 0 | References: 2
Debian CVE
added 2023/04/11 12:0 a.m. | 24 views

CVE-2023-26917

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c...

7.5 CVSS | 7.5 AI score | 0.00301 EPSS
Exploits: 1
CNNVD
added 2023/03/30 12:0 a.m. | 1 views

IBOS Code Issue Vulnerability

IBOS is a collaborative office management system. A code issue vulnerability exists in IBOS version 4.5.5. An attacker exploited the vulnerability to cause unrestricted uploads...

8.8 CVSS | 7.1 AI score | 0.00488 EPSS
Exploits: 1 | References: 5
CNNVD
added 2023/03/30 12:0 a.m. | 1 views

Simple and Beautiful Shopping Cart System Code Issue Vulnerability

Simple and Beautiful Shopping Cart System is an e-commerce platform. A code issue vulnerability exists in SourceCodester Simple and Beautiful Shopping Cart System version 1.0. An attacker could exploit the vulnerability to cause unrestricted uploads...

9.8 CVSS | 7.1 AI score | 0.00338 EPSS
Exploits: 0 | References: 5
OSV
added 2023/03/29 10:15 a.m. | 1 views

CVE-2023-1689

A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. This vulnerability affects unknown code of the file Master.php?a=saveearning. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The...

6.1 CVSS | 3.9 AI score
Exploits: 0 | References: 2
NVD
added 2023/03/29 10:15 a.m. | 8 views

CVE-2023-1689

A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. This vulnerability affects unknown code of the file Master.php?a=saveearning. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The...

6.1 CVSS | 4.6 AI score | 0.00195 EPSS
Exploits: 0 | References: 2
CNNVD
added 2023/03/24 12:0 a.m. | 1 views

Google Pixel Security Vulnerability

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a security vulnerability that stems from a logic error in the code and has the potential to gain dangerous privileges without the user's consent...

7.8 CVSS | 7.4 AI score | 0.00016 EPSS
Exploits: 0 | References: 5
CNNVD
added 2023/03/23 12:0 a.m. | 1 views

WordPress Plugin Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Embed Any Document - Embed...

5.9 CVSS | 6.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 2