Lucene search
K

142 matches found

BDU FSTEC
BDU FSTEC
added 2022/11/17 12:0 a.m.7 views

The vulnerability of the --inspect parameter implementation in Node.js’s object manipulation tools allows attackers to execute arbitrary code.

The vulnerability of the --inspect parameter in the Node.js object manipulation tool is related to errors during the conversion of the octal IP address. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.8CVSS7AI score0.14024EPSS
Exploits0References16Affected Software8
Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.7 views

PT-2022-6861

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, 22.2.0 Description The issue is related to an error in integer value conversion in the Security component of Oracle...

5.3CVSS6.6AI score0.02376EPSS
Exploits0References311
ATTACKERKB
ATTACKERKB
added 2022/10/11 2:15 a.m.2 views

CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...

9.8CVSS7.6AI score0.00891EPSS
Exploits0References3
NVD
NVD
added 2022/10/11 2:15 a.m.52 views

CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...

9.8CVSS0.00891EPSS
Exploits0References2
Prion
Prion
added 2022/10/11 2:15 a.m.26 views

Design/Logic Flaw

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...

7.5CVSS9.7AI score0.00891EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/10/11 12:0 a.m.61 views

CVE-2022-40138

CVE-2022-40138 affects Hermes, the JavaScript engine used by React Native. The issue is an integer conversion error in Hermes bytecode generation (before commit 6aa825e480d48127b480b08d13adf70033237097) that could allow out-of-bounds operations and arbitrary code execution when untrusted JavaScri...

9.8CVSS9.8AI score0.00891EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.5 views

PT-2022-5008 · Facebook · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit 6aa825e480d48127b480b08d13adf70033237097 Description: The issue is related to an integer conversion error in Hermes bytecode generation. This error could be used to perform Out-Of-Bounds operations and...

9.8CVSS9.6AI score0.00891EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/07/18 9:15 p.m.2 views

CVE-2022-34031

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njsvaluetonumber at src/njsvalueconversion.h...

7.5CVSS5.9AI score0.00783EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.6 views

Qualcomm 芯片代码问题漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. A code issue vulnerability exists in various Qualcomm products th...

8.4CVSS8AI score0.00119EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/14 1:51 a.m.31 views

Apache Struts Code injection due to conversion error

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

10CVSS9.3AI score0.1388EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2022/05/14 1:51 a.m.26 views

GHSA-MWRX-HX6X-3HHV Apache Struts Code injection due to conversion error

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

10CVSS9.4AI score0.1388EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.7 views

The vulnerability of the rendering module of Blink web pages in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.

The vulnerability of the rendering module for web pages in Google Chrome and Microsoft Edge browsers is related to type conversion errors. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.00982EPSS
Exploits0References10Affected Software6
Ubuntu
Ubuntu
added 2022/01/06 9:48 a.m.110 views

LSN-0083-1: Kernel Live Patch Security Notice

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.CVE-2018-25020...

8.8CVSS7.6AI score0.78684EPSS
Exploits29
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.12 views

Yearn token <> shares conversion decimal issue

Handle cmichel Vulnerability details The yearn strategy YearnYield converts shares to tokens by doing pricePerFullShare shares / 1e18: function getTokensForSharesuint256 shares, address asset public view override returns uint256 amount if shares == 0 return 0; // @audit should divided by...

6.9AI score
Exploits0
OSV
OSV
added 2021/12/08 10:15 p.m.1 views

DEBIAN-CVE-2021-43537

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

8.8CVSS7.9AI score0.0202EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/11/17 12:0 a.m.8 views

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type conversion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a denial-of-service attack through a specially created web page...

10CVSS8AI score0.26703EPSS
Exploits1References10Affected Software6
BDU FSTEC
BDU FSTEC
added 2021/10/08 12:0 a.m.8 views

The vulnerability of Google Chrome, related to a type conversion error, allows a hacker to circumvent existing security restrictions by using a specially created HTML page.

The vulnerability of Google Chrome is related to a type conversion error. Exploiting this vulnerability allows an attacker to bypass existing security restrictions through a specially created HTML page...

9.3CVSS7.7AI score0.64701EPSS
Exploits1References13Affected Software7
Ubuntu
Ubuntu
added 2021/09/13 9:12 a.m.139 views

LSN-0081-1: Kernel Live Patch Security Notice

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.CVE-2021-3653 Maxim...

8.8CVSS7.4AI score0.78684EPSS
Exploits28
BDU FSTEC
BDU FSTEC
added 2021/09/03 12:0 a.m.6 views

The vulnerability of the Adobe Photoshop CC graphic editor, related to a type conversion error, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Photoshop CC graphic editor is related to a type conversion error. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user...

10CVSS8.2AI score0.06433EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/08/08 6:15 a.m.6 views

UBUNTU-CVE-2021-38187

An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a u8 to a u64...

9.8CVSS5.8AI score0.01441EPSS
Exploits1References4
Rows per page
Query Builder