161 matches found

Github Security Blog
added 2023/03/13 8:51 p.m. · 19 views

Password Shucking Vulnerability

Impact: An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets 1 the user's hashed...

CVSS 7.5 · AI score 5.8 · EPSS 0.00517
Exploits: 0 · References: 8 · Affected Software: 1

Cvelist
added 2023/03/10 12:0 a.m. · 13 views

CVE-2023-1205

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections...

AI score 8.9 · EPSS 0.00273
Exploits: 0 · References: 1

Prion
added 2023/02/23 8:15 p.m. · 11 views

Authentication flaw

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender FEX when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementati...

CVSS 2.1 · AI score 5.4 · EPSS 0.00295
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/02/23 12:0 a.m. · 23 views

CVE-2023-20012 Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender FEX when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementati...

CVSS 5.3 · AI score 6 · EPSS 0.00295
Exploits: 0 · References: 1

Prion
added 2023/02/09 7:15 p.m. · 18 views

Command injection

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVSS 5.8 · AI score 8.4 · EPSS 0.00192
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/02/09 12:0 a.m. · 6 views

CVE-2023-21419

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under certain condition...

CVSS 4.3 · AI score 7 · EPSS 0.00237
Exploits: 0 · References: 1

Positive Technologies
added 2023/02/09 12:0 a.m. · 3 views

PT-2023-18186 · Samsung · Secure Folder

Name of the Vulnerable Software and Affected Versions: Secure Folder versions prior to SMR Jan-2023 Release 1. Description: The issue is caused by an improper implementation logic in Secure Folder, which allows the Secure Folder container to remain unlocked under certain conditions. Recommendation...

CVSS 7.5 · AI score 7.3 · EPSS 0.00237
Exploits: 0 · References: 3

Cvelist
added 2023/02/09 12:0 a.m. · 16 views

CVE-2023-21419

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under certain condition...

CVSS 4.3 · AI score 7.6 · EPSS 0.00237
Exploits: 0 · References: 1

Veracode
added 2023/01/31 10:49 a.m. · 16 views

Special Element Injection

radare2, edge is vulnerable to Special Element Injection. The vulnerability exists due to improper implementation special elements into a different plane which allows an attacker to inject and execute malicious sql queries on the system...

CVSS 7.8 · AI score 7 · EPSS 0.00362
Exploits: 1 · References: 3 · Affected Software: 1

CNVD
added 2022/11/30 12:0 a.m. · 32 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-08277)

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from improper implementation in navigation. An attacker could exploit this vulnerability to bypass security restrictions...

CVSS 4.3 · AI score 3.1 · EPSS 0.00752
Exploits: 0 · References: 1

Cvelist
added 2022/11/10 5:38 p.m. · 27 views

CVE-2022-20940

A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

CVSS 5.3 · AI score 5.8 · EPSS 0.00646
Exploits: 0 · References: 1

CNNVD
added 2022/08/30 12:0 a.m. · 4 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. in the United States. Google Chrome suffers from a security vulnerability that stems from an improper implementation in pointer lock...

CVSS 4.3 · AI score 9 · EPSS 0.00521
Exploits: 0 · References: 8

CNNVD
added 2022/06/21 12:0 a.m. · 3 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that stems from an improper implementation in the Extensions API...

CVSS 6.3 · AI score 7.5 · EPSS 0.00526
Exploits: 0 · References: 12

UbuntuCve
added 2022/05/04 12:0 a.m. · 27 views

CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

CVSS 6.1 · AI score 6.9 · EPSS 0.00561
Exploits: 0 · References: 6

Cvelist
added 2022/04/15 2:15 p.m. · 16 views

CVE-2022-20695 Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of...

CVSS 10 · AI score 10 · EPSS 0.19247
Exploits: 0 · References: 1

Code423n4
added 2022/01/19 12:0 a.m. · 6 views

[WP-H3] L1Migrator.sol#migrateETH() Improper implementation of L1Migrator causing migrateETH() always reverts, can lead to ETH in BridgeMinter getting stuck in the contract

Handle WatchPug Vulnerability details uint256 amount = IBridgeMinterbridgeMinterAddr .withdrawETHToL1Migrator; L1Migrator.solmigrateETH will call IBridgeMinterbridgeMinterAddr.withdrawETHToL1Migrator to withdraw ETH from BridgeMinter. However, the current implementation of L1Migrator is unable to...

AI score 6.9
Exploits: 0

CNNVD
added 2022/01/13 12:0 a.m. · 4 views

Stanford CoreNlp Code Issue Vulnerability

Stanford CoreNlp is a suite of open source natural language analysis tools written in Java by the Stanford Nlp Group team in the United States. Stanford CoreNlp has a code issue vulnerability that arises from improper design or implementation during code development of a networked system or...

CVSS 7.1 · AI score 7 · EPSS 0.00739
Exploits: 1 · References: 2

Code423n4
added 2022/01/10 12:0 a.m. · 14 views

TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value

Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...

AI score 6.7
Exploits: 0

CNNVD
added 2022/01/06 12:0 a.m. · 3 views

GPAC Code Issue Vulnerability

GPAC is an open source multimedia framework. GPAC 1.0.1 contains a security vulnerability that stems from improper design or implementation during the development of code for a networked system or product, which could be exploited by an attacker to conduct a denial-of-service attack...

CVSS 5.5 · AI score 5.7 · EPSS 0.00625
Exploits: 1 · References: 4

CNNVD
added 2022/01/06 12:0 a.m. · 3 views

GPAC Code Issue Vulnerability

GPAC is an open source multimedia framework. GPAC 1.0.1 contains a security vulnerability that stems from improper design or implementation during the development of code for a networked system or product, which could be exploited by an attacker to conduct a denial-of-service attack...

CVSS 5.5 · AI score 5.7 · EPSS 0.00625
Exploits: 1 · References: 3