2434 matches found
LIM OpenEXR Input Validation Error Vulnerability
OpenEXR is an open-standard, high dynamic range image format that is widely used in computer graphics to store image data, but can also store some data needed for post-synthesis processing. An integer overflow vulnerability in the deep block sample size calculation in versions prior to LIM OpenEX...
CVE-2021-3477
There's a flaw in OpenEXR's deep tile sample size calculations. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability...
qianjunakasumi kongchuanhujiao Authorization Issue Vulnerability
qianjunakasumi kongchuanhujiao is an open source application by qianjunakasumi: an online teaching quiz statistics deep learning analytics system. A security vulnerability exists in github.com/kongchuanhujiao/server before version 1.3.21, which stems from an authentication bypass...
USN-4784-1 xerces-c vulnerabilities
It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a use-after-free. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2016-209...
Cisco SD-WAN vEdge Routers DoS (cisco-sa-vedgfpdos-PkqQrnwV)
According to its self-reported version, Cisco SD-WAN vEdge routers are affected by a denial of service (DoS) vulnerability in the deep packet inspection (DPI) engine due to insufficient handling of malformed packets. An unauthenticated, adjacent attacker can exploit this to cause a DoS condition...
Google Android elevation of privilege vulnerability (CNVD-2021-24959)
Google Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA). Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from an input validation error in DeltaPerformer::Write in deltaperformer.cc. An attacker can...
Weak Password Vulnerability in Deep Integrity Gateway MIG
All-in-one gateway MIG can provide an integrated solution for SME customers, meet the diversified needs of large enterprise branches, and realize a full range of cost-effective solutions from flexible networking to business control. A weak password vulnerability exists in DeepTrust Integrated...
Prototype Pollution
Overview: set-deep-prop is a package that sets the value of a deeply nested object or array. Affected versions of this package are vulnerable to Prototype Pollution via the main functionality. PoC: const setDeepProp = require'set-deep-prop'; setDeepProp,'proto', 'x', 'polluted'; console.log.a; // polluted Details...
Google Android Input Validation Error Vulnerability
Google Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA). Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from an input validation error in DeltaPerformer::Write in deltaperformer.cc. An attacker can...
Weak Password Vulnerability in DeepSync IPSec VPNs
DeepTrust IPSec VPN provides an all-in-one networking solution for small and medium-sized branches. There is a weak password vulnerability in the DeepSync IPSec VPN. Attackers utilize the vulnerability to log into the system background and obtain sensitive information...
Code Injection in jeikeilim/kindle
Description: Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all models can be made by copy and paste from other existing model codes, which is vulnerable to Arbitrary Code Execution. Vulnerability: Vulnerable to YAML deserialization atta...
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
nodejs-set-value: prototype pollution in function set-value
A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or __proto__ payloads. The highest threat from this vulnerability is to data confidentiality and integrity...
nodejs-mixin-deep: prototype pollution in function mixin-deep
A flaw was found in Nodejs's mixin-deep prior to versions 1.3.2 and 2.0.0. The mixin-deep function could be used to add or modify properties of the Object.prototype. The highest threat from this vulnerability is to system availability...
Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware
Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's...
Darkdump - Search The Deep Web Straight From Your Terminal
Darkdump is a simple script written in Python 3.9 that lets users enter a search term (query) on the command line; darkdump will pull all the deep web sites relating to that query. Darkdump wraps the darksearch.io API. Installation 1. git clone https://github.com/josh0xA/darkdump 2...