842 matches found
CVE-2023-49468
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the readcodingunit function at slice.cc...
ALPINE-CVE-2023-49468
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the readcodingunit function at slice.cc...
UBUNTU-CVE-2023-49468
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the readcodingunit function at slice.cc...
Libde265 Security Vulnerability
Libde265 is a German h.265 video codec. A security vulnerability exists in Libde265 version v1.0.14, which stems from the discovery of a global buffer overflow vulnerability contained in the readcodingunit function of slice.cc...
MAL-2023-8651 Malicious code in lodestone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c5569d9f5d17acc6330446faa4b9f8eff7b389a4cde9698946b8473c5bd8e74e The OpenSSF Package Analysis project identified 'lodestone' @ 0.0.58 pypi as malicious. It is considered malicious because: - The package...
PT-2023-8649 · Libde265 +4 · Libde265 +4
Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.14 Description: The issue is related to a global buffer overflow vulnerability in the read coding unit function at slice.cc. This vulnerability may allow a remote attacker to impact the confidentiality, integrity, and...
user can buy when there's no bonding curve set
Lines of code Vulnerability details Impact Users can buy with no bonding curve set Proof of Concept function buyuint256 id, uint256 amount external /// @audit add a check that ensures there's a bonding curve set requireshareDataid.creator != msg.sender, "Creator cannot buy"; uint256 price, uint25...
Incorrect fee splitting logic
Lines of code Vulnerability details Impact The fee splitting logic does not properly attribute holder and creator rewards. By splitting fees from the total rather than incrementally, it distorts the proportional rewards earned over time. This could undermine the incentive structures and alignment...
kernel: null pointer when load rlc firmware
A vulnerability was found in the drm/amdgpu driver of Linux Kernel, causing null pointer dereference when attempting to load RLC Run-Length Coding firmware. This issue arises if the firmware has an incorrect header size, causing premature release of the firmware pointer in amdgpuucoderequest,...
PT-2023-7232 · Gstreamer +6 · Gstreamer +6
Name of the Vulnerable Software and Affected Versions: GStreamer affected versions not specified Description: The issue is related to a heap-based buffer overflow in the AV1 Codec parsing of the GStreamer multimedia framework. This allows remote attackers to execute arbitrary code on affected...
CVE-2023-46248
Cody is an artificial intelligence AI coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
What is a Cloud Workload Protection Platform ? (CWPP)
Diving into the Depths of Cloud Workload Defense Framework CWDF Mysteries Setting out to understand cloud security, one frequently encounters the term - Cloud Workload Defense Framework CWDF. What exact role does CWDF play? Let's decode this riddle. At its core, the Cloud Workload Defense Framewo...
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter...
Oracle Linux 6 : httpd (ELSA-2015-1249)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1249 advisory. - core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 Tenable has extracted the preceding description block directly from the Oracle Linu...
FreeRDP 资源管理错误漏洞
FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. FreeRDP suffers from a resource management error vulnerability that stems from a post-release reuse issue in the avc420ensurebuffer and avc444ensurebuffer functions...
Notepad++ 安全漏洞
Notepad++ is an open source plain text editor by Don Ho, an individual developer in Taiwan, China. A security vulnerability exists in Notepad++, which stems from a global buffer read overflow vulnerability in the nsCodingStateMachine::NextStater function...
PT-2023-4779 · Notepad++ · Notepad++
Name of the Vulnerable Software and Affected Versions: Notepad++ versions 8.5.6 and prior Description: The issue is related to a global buffer read overflow in the nsCodingStateMachine::NextStater function. This may potentially be used to leak internal memory allocation information. The...
GHSA-6JWC-QR2Q-7XWJ protocol-http1 HTTP Request/Response Smuggling vulnerability
Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...
Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs
Introduction In a recent advisory, the Cybersecurity and Infrastructure Security Agency CISA warned vendors, designers, developers, and end-user organizations of web applications about the dangers posed by Insecure Direct Object Reference IDOR vulnerabilities, now commonly referred to as BOLA...
Empowering Future Minds: The Indispensable Role of Coding for Kids
By Waqas Why Coding for Kids is Vital - Importance & Benefits Explained! In an era dominated by rapid technological… This is a post from HackRead.com Read the original post: Empowering Future Minds: The Indispensable Role of Coding for Kids...