Lucene search
K

876 matches found

NVD
NVD
added 2024/12/12 2:3 a.m.8 views

CVE-2024-47613

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in gstgdkpixbufdecflush within gstgdkpixbufdec.c. This function invokes memcpy, using outpix as the destination address. outpix is expected to point to the fra...

9.8CVSS0.00901EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/12/11 7:14 p.m.6 views

CVE-2024-47613

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in gstgdkpixbufdecflush within gstgdkpixbufdec.c. This function invokes memcpy, using outpix as the destination address. outpix is expected to point to the fra...

9.8CVSS6.9AI score0.00901EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/11 7:13 p.m.17 views

CVE-2024-47607 GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header

GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gstopusdecparseheader function within gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If nchannels exceeds 64, the for loop will write beyond the...

8.6CVSS7.1AI score0.01199EPSS
Exploits0References3
CVE
CVE
added 2024/12/11 7:13 p.m.97 views

CVE-2024-47607

CVE-2024-47607 affects GStreamer’s opus decoder (gst_opus_dec_parse_header in gstopusdec.c). A stack-allocated pos buffer of size 64 can overflow when n_channels > 64, causing writes beyond the buffer and potential control-flow corruption (overwriting the EIP). The issue is fixed in GStreamer ...

9.8CVSS7.2AI score0.01199EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/12/11 6:52 p.m.34 views

CVE-2024-47538 GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbishandleidentificationpacket function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd-vi.channels exceeds 64, the for loop will...

8.6CVSS0.01272EPSS
Exploits0References3
CVE
CVE
added 2024/12/11 6:52 p.m.124 views

CVE-2024-47538

CVE-2024-47538 affects GStreamer’s vorbis handling in the Vorbis decoder. A stack-buffer overflow is triggered in the function vorbis_handle_identification_packet within gstvorbisdec.c: a stack-allocated position buffer of size 64 is overflowed when vd->vi.channels exceeds 64, writing the valu...

9.8CVSS9.4AI score0.01272EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/10/15 4:15 a.m.4 views

CVE-2024-9969

NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting XSS attack. The affected product is no longer maintained. It is recommended to upgrade to the...

5.4CVSS5.8AI score0.00262EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/22 12:0 a.m.15 views

CVE-2024-45166

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service DoS attacks and possibly remote code execution...

7.8AI score0.01046EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/08/22 12:0 a.m.15 views

CVE-2024-45166

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service DoS attacks and possibly remote code execution...

0.01046EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.12 views

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.8 views

Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs

Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.54 views

Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs

Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.7 views

Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs

Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.72 views

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.10 views

Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs

Lines of code 230, 342, 514, 536 Vulnerability details Impact The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.5 views

Potential Incorrect Domain Separator Generation in _calculateDomainSeparator Function

Lines of code Vulnerability details The calculateDomainSeparator function generates the EIP-712 domain separator using the contract's name and version. However, there is no explicit guarantee that the name has been set before calling this function, leading to an unreliable domain separator. Impac...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.10 views

EIP-2938 Breaks Whitelist Logic

Lines of code Vulnerability details Impact Unauthorized contracts can bypass whitelistedContractsmsg.sender due to EIP-2938. Proof of Concept In the function isEligibleSender it checks if msg.sender != tx.origin... but when EIP-2938 a.k.a Account Abstraction is fully implemented it will be possib...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.17 views

executeOperation() doesn't pass/authenticate the initiator address

Lines of code Vulnerability details Impact In OptionsPositionManager.sol executeFlashloan. File: contracts/PositionManager/OptionsPositionManager.sol function executeOperation address calldata assets, uint256 calldata amounts, uint256 calldata premiums, address initiator, bytes calldata params...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.17 views

Moxa MGate 5105-MB-EIP DestIP Command Injection Remote Code Execution (CVE-2020-8858)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from...

9CVSS8.4AI score0.07439EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.10 views

Inconsistent encoding of arrays in MetaTxLib

Lines of code Vulnerability details Bug Description According to the EIP-712 specification, arrays are encoded by concatenating its elements and passing the result to keccak256: The array values are encoded as the keccak256 hash of the concatenated encodeData of their contents i.e. the encoding o...

7AI score
Exploits0
Rows per page
Query Builder