Lucene search
522 matches found

OSV
added 2023/04/03 5:15 a.m. | 0 views

UBUNTU-CVE-2023-26112

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using .+?.. Note: This is only exploitable in the case of a developer putting the offending value in a server-side configuration file...

CVSS 5.9 | AI score 6.4 | EPSS 0.01259
Exploits: 1 | References: 5
CVE
added 2023/03/21 12:0 a.m. | 48 views

CVE-2023-27980

CVE-2023-27980 : A CWE-306 vulnerability exists in Schneider Electric IGSS components (Data Server, Dashboard, Custom Reports) with versions 16.0.0.23040 and prior. The issue is a missing authentication for a critical function in the Data Server TCP interface, enabling creation of a malicious rep...

CVSS 8.8 | AI score 8.9 | EPSS 0.00881
Exploits: 0 | References: 1 | Affected Software: 3
Vulnrichment
added 2023/03/19 12:0 a.m. | 7 views

CVE-2023-26806

Tenda W20E v15.11.0.6USW20EV4.0brv15.11.0.610681546841 is vulnerable to Buffer Overflow via function formSetSysTime,...

AI score 9.5 | EPSS 0.00928
Exploits: 1 | References: 1
Code423n4
added 2023/03/15 12:0 a.m. | 19 views

User can call getReward multiple times causing 51% attack

Lines of code Vulnerability details Impact The Neo Tokyo staking program operates as follows: The staker is a competitive system where stakers compete for a fixed emission rate in each of the S1 Citizen, S2 Citizen, and LP token staking pools. Stakers "may" choose to lock their assets for some...

AI score 6.9
Exploits: 0
Code423n4
added 2023/03/09 12:0 a.m. | 9 views

The claimWinningTickets() function does not include a check to ensure that the caller owns the tickets, or whether they have already been claimed

Lines of code Vulnerability details The claimWinningTickets function in the contract contains multiple vulnerabilities that can result in a loss of funds for the contract and its users. Firstly, the function can be called by anyone, even if they are not the owner of the ticket, allowing malicious...

AI score 7
Exploits: 0
BDU FSTEC
added 2023/03/06 12:0 a.m. | 2 views

The vulnerability of the backup function of the Cisco Unified Computing System (UCS) Manager and the export function of the Cisco FXOS routers Firepower 4100 Series, Firepower 9300 Security Appliances, UCS 6200, UCS 6300, UCS 6400, and UCS 6500 allows an intruder to gain unauthorized access to protected information.

The vulnerability of the backup function of the Cisco Unified Computing System UCS Manager and the export function of the Cisco FXOS routers Firepower 4100 Series, Firepower 9300 Security Appliances, UCS 6200, UCS 6300, UCS 6400, and UCS 6500 is related to the use of a hard-coded cryptographic ke...

CVSS 6.3 | AI score 6.5 | EPSS 0.0011
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2023/02/13 8:15 p.m. | 15 views

CVE-2023-24188

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...

CVSS 9.1 | AI score 9.4 | EPSS 0.01457
Exploits: 1 | References: 3
CNNVD
added 2023/02/04 12:0 a.m. | 4 views

Online Eyewear Shop SQL injection vulnerability

Online Eyewear Shop is an online eyewear store by Carlo Montero, a personal developer. A SQL injection vulnerability exists in Online Eyewear Shop version 1.0 due to an unknown function in the file oews/products/viewproduct.php, which can be used for SQL injection via the parameters name/pwd...

CVSS 8.1 | AI score 6.5 | EPSS 0.00457
Exploits: 0 | References: 3
Prion
added 2023/01/26 10:15 p.m. | 24 views

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.5 | AI score 9.9 | EPSS 0.01649
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2023/01/25 12:0 a.m. | 4 views

The vulnerability of the cbq_classify() function in the network packet scheduling subsystem (net/sched/sch_cbq.c) in the Linux kernel allows an attacker to cause a service failure.

The vulnerability of the cbq_classify function in the network packet scheduling subsystem net/sched/sch_cbq.c of the Linux kernel is related to an incorrect definition of the class type. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.5 | EPSS 0.00308
Exploits: 0 | References: 17 | Affected Software: 3
NVD
added 2023/01/20 9:15 p.m. | 16 views

CVE-2021-33642

When a file is processed, an infinite loop occurs in nextinline of the morecurly function...

CVSS 5.5 | AI score 6 | EPSS 0.00221
Exploits: 0 | References: 1
NVD
added 2023/01/20 3:15 p.m. | 22 views

CVE-2022-48126

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function...

CVSS 9.8 | AI score 9.8 | EPSS 0.01958
Exploits: 1 | References: 1
Vulnrichment
added 2023/01/20 12:0 a.m. | 7 views

CVE-2021-33642

When a file is processed, an infinite loop occurs in nextinline of the morecurly function...

AI score 7.1 | EPSS 0.00221
Exploits: 0 | References: 1
Prion
added 2023/01/19 11:15 p.m. | 29 views

Buffer overflow

Buffer overflow in function Notepadplus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files...

CVSS 4.3 | AI score 6.6 | EPSS 0.01305
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2022/12/23 12:0 a.m. | 4 views

CVE-2022-45711

IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function...

AI score 8.2 | EPSS 0.20185
Exploits: 1 | References: 1
BDU FSTEC
added 2022/12/19 12:0 a.m. | 4 views

The vulnerability of the xrdp_sec_process_mcs_data_CS_CORE() function on the XRDP server allows a hacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the xrdp_sec_process_mcs_data_CS_CORE function on the XRDP server is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause service...

CVSS 9.4 | AI score 7.4 | EPSS 0.00729
Exploits: 0 | References: 12 | Affected Software: 4
CNNVD
added 2022/11/30 12:0 a.m. | 4 views

perfSONAR cross-site request forgery vulnerability

perfSONAR is a widely deployed test and measurement infrastructure used by scientific networks and facilities around the world to monitor and ensure network performance. A security vulnerability exists in perfSONAR versions v4.x through v4.4.5 that stems from the inclusion of cross-site request...

CVSS 4.3 | AI score 5 | EPSS 0.01991
Exploits: 4 | References: 7
OSV
added 2022/11/23 4:15 p.m. | 2 views

CVE-2022-44255

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a pre-authentication buffer overflow in the main function via long post data...

CVSS 9.8 | AI score 6
Exploits: 0 | References: 1
BDU FSTEC
added 2022/11/22 12:0 a.m. | 2 views

The vulnerability of the Hints::Hints function (poppler/Hints.cc) in the Poppler PDF rendering library allows an attacker to cause a service failure.

The vulnerability of the Hints::Hints function in the Poppler PDF rendering library is related to errors during resource release. Exploiting this vulnerability allows an attacker to cause service interruptions through a specially created PDF file...

CVSS 7.1 | AI score 7.1 | EPSS 0.0145
Exploits: 1 | References: 9 | Affected Software: 5
NVD
added 2022/11/21 6:15 p.m. | 15 views

CVE-2022-44171

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formfastsettingwifiset...

CVSS 9.8 | EPSS 0.00682
Exploits: 0 | References: 1