
522 matches found

BDU FSTEC
added 2021/04/06 12:0 a.m. | 3 views

The vulnerability of the transformation function for web applications used in phpMyAdmin administration systems allows attackers to execute cross-site scripting attacks.

The vulnerability of the transformation function for web applications used in phpMyAdmin administration systems is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially...

CVSS 6.1 | AI score 6.8 | EPSS 0.02163
Exploits: 0 | References: 10 | Affected Software: 4
OSV
added 2021/03/11 1:15 a.m. | 21 views

CVE-2020-1899

The unserialize function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56....

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 2
NVD
added 2021/02/08 5:15 p.m. | 19 views

CVE-2021-26541

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability...

CVSS 9.8 | EPSS 0.05362
Exploits: 1 | References: 3
CNNVD
added 2021/02/01 12:0 a.m. | 3 views

CMSWing SQL Injection Vulnerability

CMSWing is a ThinkJS-based e-commerce platform and CMS builder. A code execution vulnerability exists in CMSWing 1.3.8. The vulnerability stems from the log function not checking the log parameter. An attacker can exploit this vulnerability to execute arbitrary commands via malicious parameters...

CVSS 9.8 | AI score 7.9 | EPSS 0.01768
Exploits: 1 | References: 2
NVD
added 2020/12/31 6:15 p.m. | 12 views

CVE-2020-11833

In /SM8250QMaster/android/vendor/oppocharger/oppo/chargeric/oppomp2650.c, the function mp2650datalogwrite in mp2650datalogwrite does not check the parameter len which causes a vulnerability...

CVSS 5.5 | AI score 5.5 | EPSS 0.00324
Exploits: 1 | References: 1
BDU FSTEC
added 2020/11/26 12:0 a.m. | 1 views

A vulnerability in the Windows Backup Service allows an attacker to escalate their privileges.

The vulnerability in the backup function of the Windows Backup Service is related to an operation performed beyond the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to escalate their privileges...

CVSS 7.8 | AI score 7.4 | EPSS 0.00893
Exploits: 0 | References: 3
CNVD
added 2020/11/05 12:0 a.m. | 1 views

bitcoin-abe Cross-Site Scripting Vulnerability

bitcoin-abe is a blockchain browser. The product is able to read bitcoin block files and it supports converting and loading data into a database. A cross-site scripting vulnerability exists in the call in the abe.py file in bitcoin-abe versions 0.7.2 and earlier and 0.8pre and earlier. The...

CVSS 6.1 | AI score 6.3 | EPSS 0.01215
Exploits: 0 | References: 1
BDU FSTEC
added 2020/11/05 12:0 a.m. | 2 views

The vulnerability of the ikev1_n_print() function in the tcpdump network traffic capture and analysis tool allows a hacker to induce a service failure.

The vulnerability of the ikev1_n_print() function in print-isakmp.c of tcpdump, a utility for capturing and analyzing network traffic, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.8 | AI score 6.5 | EPSS 0.05342
Exploits: 0 | References: 14 | Affected Software: 6
BDU FSTEC
added 2020/10/14 12:0 a.m. | 4 views

The vulnerability of the template function for Cisco Webex Meetings software allows a hacker to delete any meeting template they desire.

The vulnerability of the template function for Cisco Webex Meetings software-related web conferencing solutions is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to delete any meeting template at will...

CVSS 4.3 | AI score 5.5 | EPSS 0.00721
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2020/09/26 12:0 a.m. | 3 views

OSV-2020-1845 Stack-buffer-overflow in void put_epel_hv_fallback<unsigned short>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25937 Crash type: Stack-buffer-overflow READ 2 Crash state: void putepelhvfallback accelerationfunctions::puthevcepelv void mcchroma...

AI score 7.2
Exploits: 0
OSV
added 2020/09/16 12:15 a.m. | 12 views

CVE-2020-10768

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threa...

CVSS 5.5 | AI score 6.1 | EPSS 0.00397
Exploits: 0 | References: 2
OSV
added 2020/09/07 12:0 a.m. | 4 views

OSV-2020-1711 Use-of-uninitialized-value in void transform_idct_add<unsigned char>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25448 Crash type: Use-of-uninitialized-value Crash state: void transformidctadd transform4x4add8fallback void accelerationfunctions::transformadd...

AI score 7.2
Exploits: 0
vulnersOsv
added 2020/09/02 6:24 p.m. | 1 views

@carnesen/mathjs-app (>=0.0.2 <=0.0.5), @ia-cloud/node-red-contrib-ia-cloud-fds-raspberry-pi (>=0.1.0 <=0.1.1) +37 more potentially affected by CVE-2017-1001004 via typed-function (>=0.10.3 <=0.10.5)

typed-function NPM version =0.10.3, =0.0.2, =0.1.0, =1.0.0, =1.19.0, =1.13.0, =1.1.8, =0.5.1, =0.1.22, =0.5.1, =3.10.0, =0.0.3, =0.1.18 and more Source cves: CVE-2017-1001004 Source advisory: OSV:GHSA-3QH4-R86R-GRVM...

CVSS 8.8 | AI score 7.2 | EPSS 0.01884
Exploits: 0
OSV
added 2020/07/16 6:15 p.m. | 5 views

CVE-2019-20914

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwgencodecommonentityhandledata in commonentityhandledata.spec...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
BDU FSTEC
added 2020/06/26 12:0 a.m. | 4 views

The vulnerability of the set function in the structured data search package SDS of the package manager NPM allows an attacker to execute arbitrary code.

The vulnerability of the set function in the structured data search package SDS of the package manager NPM arises due to insufficient cleaning of the data provided by users. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 4 | AI score 6.6 | EPSS 0.01114
Exploits: 1 | References: 6 | Affected Software: 1
Tenable Nessus
added 2020/06/25 12:0 a.m. | 18 views

Microsoft SharePoint Server 2013 < 15.0.5241.1000 Multiple Vulnerabilities

According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application...

CVSS 8.8 | AI score 7.4 | EPSS 0.15134
Exploits: 1 | References: 24
Tenable Nessus
added 2020/06/25 12:0 a.m. | 66 views

Microsoft SharePoint Server 2019 < 16.0.10359.20000 Multiple Vulnerabilities

According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application...

CVSS 8.8 | AI score 7.4 | EPSS 0.15134
Exploits: 1 | References: 24
CNVD
added 2020/05/06 12:0 a.m. | 1 views

Logic Flaw Vulnerability in FuturXE

FuturXE FXE is an ethereum-based virtual currency. A security vulnerability exists in the 'transferFrom' function in FXE's smart contract implementation, which stems from a logic error in the program. An attacker could exploit the vulnerability to make an unauthorized transfer of digital assets...

AI score 6.8
Exploits: 0
CNVD
added 2020/05/06 12:0 a.m. | 1 views

SwftCoin has a logic flaw vulnerability

SwftCoin SWFTC is an ethereum-based virtual currency. The 'buy' function in SWFTC's smart contract implementation has a security vulnerability that stems from the fact that an attacker can specify the price at which to buy. The vulnerability can be exploited by an attacker to cause financial loss...

AI score 6.9
Exploits: 0
BDU FSTEC
added 2020/04/30 12:0 a.m. | 3 views

The vulnerability of the “password” function in the TriStation 1131 security logic analysis software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the “password” function in the TriStation 1131 security logic analysis software is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

CVSS 8.6 | AI score 7.2 | EPSS 0.00872
Exploits: 0 | References: 4 | Affected Software: 1