Mozilla Firefox 代码问题漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a code issue vulnerability, there is no information about this vulnerability yet, please stay tuned to CNNVD or the vendor announcement...

Linux Kerne code issue vulnerability

The Linux Kernel is the kernel used by the Linux Foundation's open source operating system Linux, which is vulnerable. A local attacker could exploit this vulnerability to cause a system crash, which could affect system availability...

Information disclosure

In various functions of apinputprocessor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

SONY Content Transfer Code Issue Vulnerability

SONY Content Transfer is a file transfer software from Sony Japan. It is suitable for customers who manage music, video, photo, and podcast content using iTunes, etc. SONY Content Transfer suffers from a code issue vulnerability that stems from the installer containing a DLL search path issue tha...

CVE-2022-20420

In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

Signature malleability

Lines of code Vulnerability details Impact Signature malleability allows the user to reuse the same signature twice. Which may cause order to be executed twice. Proof of Concept function recover bytes32 digest, uint8 v, bytes32 r, bytes32 s internal pure returns address requirev == 27 || v == 28,...

ERC1155's Amount Parameter Manipulation To Steal Buyers' Funds

Lines of code Vulnerability details Vulnerability Details We discovered that a rogue seller i.e., attacker can place an order for selling N amount where N 1 of a specific token id of an ERC-1155 NFT collection. However, when the sell order is fulfilled by a buyer, the attacker would spend only 1...

Huawei HarmonyOS 代码问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a code issue vulnerability that stems from a possible heap overflow/out-of-bounds read/null pointer issue in cell phone product...

Huawei HarmonyOS 代码问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a code issue vulnerability that stems from a possible heap overflow/out-of-bounds read/null pointer issue in cell phone product...

Huawei HarmonyOS 代码问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a code issue vulnerability that stems from a possible heap overflow/out-of-bounds read/null pointer issue in cell phone product...

Infinity loop can lead to denial of service

Lines of code Vulnerability details Impact Infinity loop can lead to denial of service Proof of Concept Tools Used None. Recommended Mitigation Steps Refactor code if is possible. --- The text was updated successfully, but these errors were encountered: All reactions...

mojoPortal 代码问题漏洞

mojoPortal is the United States Joe Audette individual developer of a set of open source , object-oriented Web site architecture WSF and content management system CMS. The system offers event calendars, photo albums, file managers, and more. A code issue vulnerability exists in mojoPortal version...

Wrong balanceOf user after minting legendary gobbler

Lines of code Vulnerability details Impact In ArtGobblers.mintLegendaryGobbler function, line 458 calculates the number of gobblers user owned after minting // We subtract the amount of gobblers burned, and then add 1 to factor in the new legendary. getUserDatamsg.sender.gobblersOwned =...

Nepxion 代码问题漏洞

Nepxion is a China Nepxion open source based on Spring & Spring Boot & Spring Cloud framework. Nepxion Discovery There is a code issue vulnerability , the vulnerability stems from the vulnerability to potential server-side request forgery SSRF attacks , the attacker can use the vulnerability can...

CVE-2022-35087

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c...

this is a test

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

Users can lose funds because It's possible to call withdraw() in Vault without call to endEpoch() by Controller.triggerEndEpoch(),

Lines of code Vulnerability details Impact users shouldn't be allowed to withdraw their funds before epoch settling down, and code should check that endEpoch has been called before allowing withdraw for that epoch. but right now withdraw only checks that epoch has been ended and this would happen...

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from the fact that if an empty sortedinputs input is provided for a LowerBound or UpperBound, it can cause nullptr dereference, an...

PYSEC-2022-43137

LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp...

RIELLO UPS NetMan 代码问题漏洞

RIELLO UPS NetMan is a network adapter from RIELLO UPS, Italy. A code issue vulnerability exists in RIELLO UPS NetMan. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the manufacturer's bulletin...