124 matches found
SAMSUNG Mobile devices resource management error vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Oct-2022 Release 1, which stems from a use-after-free vulnerability in the setnftpid and...
CVE-2022-36587
In Tenda G3 USG3V3.0brV15.11.0.67663ENTDE, there is a buffer overflow vulnerability caused by sprintf in function in the httpd binary...
CVE-2022-2211
A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the getkeys function. This flaw leads to a denial of service, either by mistake or malicious actor...
The vulnerability of the exec() function in the ShellJS interpreter allows a malicious actor to gain unauthorized access to protected information, increase privileges, or cause service failures.
The vulnerability of the exec function in the ShellJS interpreter is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, increase privileges, or cause service failures through specially created...
The vulnerability of the Fraction function in the libheif/box.cc component of the HEIF and AVIF encoding/decoding library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Fraction function in the libheif/box.cc component of the HEIF and AVIF encoding/decoding library allows attackers to exploit it remotely. This enables them to access confidential data, compromise its integrity, and cause service failures...
CodeIgniter code issue vulnerability
CodeIgniter is an open source Web framework written in PHP. CodeIgniter is vulnerable to a code issue that stems from the deserialization of untrusted data found in the old function of the software. A remote attacker could use the vulnerability to inject an arbitrary object with the vulnerability...
Stark Bank data forgery issue vulnerability
Stark Bank is a banking API for individual developers in Brazil that performs all banking operations through the API, simplifying and automating payments, facilitating reconciliations, and scaling operations. A data forgery issue vulnerability exists in Stark Bank python-ecdsa, which stems from t...
CVE-2020-36376
An issue was discovered in the list function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters...
Shenzhim Aaptjs OS command injection vulnerability
aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the list function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...
PT-2021-15291 · Unknown · Revive Adserver
Name of the Vulnerable Software and Affected Versions: revive-adserver versions prior to 5.3.0. Description: The issue is related to the generation of session IDs, which is based on the cryptographically insecure uniqid PHP function. This could potentially allow an attacker to brute force session...
The vulnerability of microprogrammed programmable logic controllers like Modicon and PacDrive lies in the lack of authentication for a critical function. This allows attackers to alter the device’s IP configuration.
The vulnerability of the microprogrammed logic controllers Modicon and PacDrive lies in the absence of authentication for the critical function. Exploiting this vulnerability allows an attacker to remotely alter the device’s IP configuration...
Katy Voor HHVM buffer error vulnerability
Katy Voor HHVM is an open source application by Katy Voor. It provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from a crypt function that allows the size of the input salt to be null to terminate the buffer witho...
Buffer Over-read
oniguruma is vulnerable to Heap-based buffer over-read. It is possible because of a flaw in the function gb18030mbcenclen in file gb18030.c...
The vulnerability of the DNS split-function in Cisco IOS and Cisco IOS XE operating systems allows an attacker to cause a service failure.
The vulnerability of DNS split-function in Cisco IOS and Cisco IOS XE operating systems is related to insufficient processing of regular expressions. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
Cross-site Scripting (XSS)
Overview: jquery is a package that makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). load fail...
PolyAI has a flawed logic vulnerability
PolyAI AI is an Ethereum-based virtual currency. A security vulnerability exists in the 'mintToken' function in AI's smart contract implementation. An attacker can exploit the vulnerability to increase the balance of a digital asset at any address...
DestiNeed has a flawed logic vulnerability
DestiNeed DSN is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function in DSN's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
SwapToken has a flawed logic vulnerability
SwapToken is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function in SwapToken's smart contract implementation. An attacker could use this vulnerability to prevent the seller from obtaining the assets due to the exchange...
CryptoSaga has a flawed logic vulnerability
CryptoSaga is an Ether-based digital currency. A security vulnerability exists in the 'random' function in CryptoSaga's smart contract implementation. An attacker could use the vulnerability to pre-calculate random numbers and manipulate the game...
A vulnerability in the anycast function of the Cisco NX-OS operating system allows an attacker to compromise the integrity of protected information.
The vulnerability in the anycast function of the Cisco NX-OS operating system is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of protected information...