987 matches found
CVE-2023-39018
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which...
Incorrect distribution of shares and liquidity as a result of total number of shares not equaling 100
Lines of code Vulnerability details Impact If the shares are not properly validated and do not add up to 100, there will be an imbalance in the distribution of funds resulting in loss of funds or locked funds that cannot be accessed or distributed correctly. Proof of Concept The constructor of th...
TOTOLINK A3300R Operating System Command Injection Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A code execution vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the lang parameter of the setLanguageCfg method failing...
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
Impact Servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. Patches This issue has been patched so that the provided key is...
GHSA-WJ7Q-GJG8-3CPM league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
Impact Servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. Patches This issue has been patched so that the provided key is...
Design/Logic Flaw
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...
CVE-2023-37260 league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...
Security Bulletin: IBM Match 360 is vulnerable to SnakeYaml's Constructor() class, which does not restrict the types that can be instantiated during deserialization (CVE-2022-1471)
Summary SnakeYaml's Constructor class does not restrict the types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict...
PT-2023-4531 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A vulnerability in Node.js allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks...
CVE-2023-32217
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...
Design/Logic Flaw
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...
[M-01] Unprotected function in Constructor
Lines of code Vulnerability details Impact Anyone can deploy the contract, potentially with malicious intent. Proof of Concept The constructor is not protected by any access control mechanism. Recommended Mitigation Steps Add access control to the constructor, such as an Ownable pattern, to ensur...
CVE-2023-32217
CVE-2023-32217 affects SailPoint IdentityIQ versions 8.0 through 8.3 (with patches up to 8.0p6, 8.1p7, 8.2p6, 8.3p3 respectively). The issue stems from unsafe use of reflection that allows an authenticated user to invoke a Java constructor with no arguments or a single Map argument in any Java cl...
CVE-2023-32217 SailPoint IdentityIQ Unsafe use of Reflection Vulnerability
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...
SnakeYaml: Constructor Deserialization Remote Code Execution
A flaw was found in the SnakeYaml package. This flaw allows an attacker to achieve remote code execution by sending malicious YAML content that is then deserialized by the constructor. Deserialization is unsafe and leads to remote code execution (RCE)...
Possible URL spoofing on wildcard path
Description H3 provides the getRequestURL utility using the new URL(a, b) constructor. When variable a is attacker-controlled, the origin of the resulting URL can be modified. Proof of Concept js // index.js import { listen } from "listhen"; import { createApp, createRouter, eventHandler, toNodeListener,...
SUSE CVE-2023-29939
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr)...
Cross site scripting
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because the Strikingly JavaScript library's parsing of the URL fragment allows access to the __proto__ or...
Strikingly CMS Security Vulnerability
Strikingly CMS is a content publishing platform. A security vulnerability exists in Strikingly CMS that stems from the Strikingly JavaScript library's parsing of URL fragments allowing access to the __proto__ or constructor properties and object prototypes...