269 matches found
Kudos Live has a flawed logic vulnerability
Kudou Live, formerly Fanxing Live, is an online video interactive performing arts platform created by Kudou in 2012. There is a logic flaw vulnerability in Kudou Live, which can be exploited by attackers to hijack plaintext messages and inject malicious programs into Kudou Live upgrade, leading t...
Logic flaw vulnerability in hera task scheduling system
The hera task scheduler is a distributed task scheduler based on a rewrite of zeus. The hera task scheduler suffers from a logic flaw that can be exploited by an attacker to forge arbitrary login credentials via a built-in hard-coded key...
Cool Music App Has Logic Flaw Vulnerability
Cool Music is a music player. A logic flaw vulnerability exists in CoolMusic APP, which can be exploited by an attacker to cause a phone lockup by using a proxy tool to tamper with the packet to replace the upgrade link...
curl: CVE-2021-22924: Bad connection reuse due to flawed path name checks
Summary: Curl_ssl_config_matches attempts to compare whether two SSL connections have identical SSL security options or not. The idea is to avoid reusing a connection that uses less secure, or completely different security options such as capath, cainfo or certificate/issuer pinning. Unfortunately...
The vulnerability of the IBM Security Guardium security tool lies in the use of cryptographic algorithms that contain defects and risks, allowing attackers to gain unauthorized access to the protected information.
The vulnerability of the IBM Security Guardium security tool is related to the use of cryptographic algorithms that contain defects and risks. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to the protected information...
Uncaught Exception
Overview: std/math/big is a Go standard library package. Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: A number of math/big.Int methods can panic when provided large inputs due to a flawed division method. Remediation: Upgrade...
Vulnerability in the Graphics Component of the Windows operating system that allows a hacker to execute arbitrary code.
The vulnerability in the Graphics Component of the Windows operating system is related to improper code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2021-21240
An uncontrolled resource consumption flaw was found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...
IBM WebSphere Application Server Code Issue Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code issue vulnerability exists in IBM WebSphere Application Serv...
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0...
Design/Logic Flaw
The deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should...
BaoBao App has a flawed logic vulnerability
BaoBao APP is an insurance knowledge exchange platform. A logic flaw vulnerability exists in Paobao APP, which can be exploited by attackers to obtain sensitive information about the application...
WordPress Pushes Out Multiple Flawed Security Updates
The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced to push out a second update and then a third 5.5.3 update. The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455...
Improper Use Of Flawed Policy
openstack-selinux is using a flawed policy. The policy flaw allows dbus messaging...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none...
Prometheus Blackbox Exporter Code Issue Vulnerability
Prometheus Blackbox Exporter is a blackbox exporter released by the Linux Foundation in the United States that allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. A code issue vulnerability exists in Prometheus Blackbox Exporter 0.17.0 and earlier versions. The vulnerability...
A British AI Tool to Predict Violent Crime Is Too Flawed to Use
A government-funded system known as Most Serious Violence was built to predict first offenses but turned out to be wildly inaccurate...
Information Disclosure
ssb-db and ssb-server are vulnerable to information disclosure. A flaw in the get method leads to a decryption of any messages it can decrypt and returning of decrypted sensitive data by default instead of only decrypting when asked...
Open-Xchange OX Guard Code Issue Vulnerability
Open-Xchange OX Guard is an encryption software from Open-Xchange USA. The software is mainly used for encryption/decryption of emails and documents. A code issue vulnerability exists in Open-Xchange OX Guard 2.10.3 and prior versions. The vulnerability arises from an improperly designed or...
Meetecho Janus Code Issue Vulnerability (CNVD-2020-34717)
Meetecho Janus is a WebRTC (Web Real Time Communication) server from Meetecho. A code issue vulnerability exists in Meetecho Janus. The vulnerability stems from an improperly designed or implemented code development process for a web system or product. Detailed vulnerability details are not availab...