474 matches found
CVE-2024-27008
CVE-2024-27008 is confirmed in the connected MiracleLinux advisories as a Linux kernel vulnerability affecting the drm nv04 driver. Description: when Output Resource (dcb->or) is assigned in fabricate_dcb_output(), there can be an out-of-bounds access to the dac_users array if dcb->or is ze...
CVE-2024-27008 drm: nv04: Fix out of bounds access
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource dcb-or value is assigned in fabricatedcboutput, there may be out of bounds access to dacusers array in case dcb-or is zero because ffsdcb-or is used as index there. The 'or...
(Pwn2Own) Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation o...
Cloud_Enum - Multi-cloud OSINT Tool. Enumerate Public Resources In AWS, Azure, And Google Cloud
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates the following: Amazon Web Services : - Open / Protected S3 Buckets - awsapps WorkMail, WorkDocs, Connect, etc. Microsoft Azure: - Storage Accounts - Open Blob Storage Containers - Hosted...
CVE-2024-29232
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...
CVE-2024-29231
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed from an...
Synology Surveillance Station SQL注入漏洞
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A SQL injection vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed fro...
[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40
The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...
Malicious code in npm-research-enum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32f39024ba535c374e98c41355c2663f4ae5a92ff25df3c0f8cc60837ec06d56 The OpenSSF Package Analysis project identified 'npm-research-enum' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Relying on string comparisons to determine which parameter to update in the file() function is brittle and could lead to unintended consequences.
Lines of code Vulnerability details Impact This can allow unintentionally changing sensitive state variables Proof of Concept The vulnerability arises because: file relies on a simple string comparison of the what parameter to determine which state variable to update. A developer could accidental...
CVE-2023-36312
There is a Cross Site Scripting XSS vulnerability in the value-enum-obfincludetimezone parameter of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36312
There is a Cross Site Scripting XSS vulnerability in the value-enum-obfincludetimezone parameter of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36312
There is a Cross Site Scripting XSS vulnerability in the value-enum-obfincludetimezone parameter of index.php in PHPJabbers Callback Widget v1.0...
a user can not change there vote and will cause to revert when trying due to uninitialized enum
Lines of code Vulnerability details Impact in CoreVoting.vote if you are voting again or changing direction firstly it will subtract the previous vote amount of votes but when doing that it is using uninitialized enum castBallot which by default return 0 yes enum to subtract from if...
Problem with ValiodatorStatus.INITIALIZED
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The default value for Enums in solidity are always the first parameters in them. In the ValidatorStatus Enum however, INITIALIZED is the first value and therefore the default value of the ValidatorStatu...
GHSA-J65R-G7Q2-F8V3 Pimcore customers' list user password hash is disclosed
Impact The customer view exposes the hashed password along with other deails. An attacker is then able to enum password of a particular id, likewise we can replace id with other user , for example 1015, password hash can be disclosed which can be further cracked with hashcat Patches Update to...
Adverserial use of `make_bitflags!` macro can cause undefined behavior
The macro relied on an expression of the form Enum::Variant always being a variant of the enum. However, it may also be an associated integer constant, in which case there's no guarantee that the value of said constant consists only of bits valid for this bitflag type. Thus, code like this could...
Adverserial use of `make_bitflags!` macro can cause undefined behavior
The macro relied on an expression of the form Enum::Variant always being a variant of the enum. However, it may also be an associated integer constant, in which case there's no guarantee that the value of said constant consists only of bits valid for this bitflag type. Thus, code like this could...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ibexa Ezplatform-Graphql
CVE-2022-41876 - eZ Platform user information disclosure A vu...