17 matches found
EUVD-2021-1719
Malware in sbrugna...
CVE-2020-26279
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...
CVE-2024-0111
NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering...
CVE-2024-32632
CVE-2024-32632 affects ATCMD, where a value is misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access. The initial entry notes a medium base CVSS (6.6) with adjacent network access and user interaction required, and data shows no explicit exploit status. Conne...
Asrmicro ASR Series Security Vulnerability
The Asrmicro ASR Series is a series of chips from Avantage Technology Asrmicro, a Chinese company. A security vulnerability exists in the Asrmicro ASR Series that stems from incorrect output and possible memory access overruns. The following products are affected: ASR360x Series chips, ASR160x...
Wing FTP Server Security Vulnerability
Wing FTP Server is a cross-platform FTP server software. A security vulnerability exists in Wing FTP Server 7.2.0 and prior versions, which stems from an incorrect output encoding of the User Web Client, resulting in a cross-site scripting (XSS) vulnerability...
PT-2023-21859
Name of the Vulnerable Software and Affected Versions: lambdaisland/uri versions prior to 1.14.120. Description: The issue allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri library, returning the wrong authority. This occurs because the authority-regex does not handle th...
SUSE CVE-2015-8803
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...
GO-2022-0209 Insufficiently random values in golang.org/x/crypto/salsa20
XORKeyStream generates incorrect and insecure output for very large inputs. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream...
CVE-2022-22571
An authenticated high-privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect; this affects all current versions...
redeem may return less than minOut
Handle: gzeon. Vulnerability details. Impact: redeem may return less than minOut if wrong token is supplied with poolID=3 because there is no check against minOut in L230-L232. Proof of Concept: 1. User mistakenly calls redeemUSDC, 100, 3, 0, 100 2. The contract takes 100 bBTC from the user, redeem it...
Microsoft Visual Studio asm Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on executables compiled using vulnerable installations of Microsoft Visual Studio. Attack vectors will vary depending on the nature of the executable in question. The specific flaw exists within the compilation of asm blocks in Visual...
nettle: secp256 calculation bug
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...
CVE-2015-8804
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors...
CVE-2015-8803
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...
Code injection
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors...
CVE-2015-8618
The CVE-2015-8618 issue affects Go 1.5.x before 1.5.3, where the Int.Exp Montgomery code in math/big mishandles carry propagation, producing incorrect output and enabling an attacker to potentially obtain a private RSA key via unspecified vectors. The vulnerability is addressed by upgrading to Go...