8976 matches found
Linux Kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from type obfuscation in initialization functions...
Adobe Dimension USD File Parsing Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Adobe Dimension USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2023-26084
The armv8decaesgcmfull API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable...
CVE-2023-26084
The armv8decaesgcmfull API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable...
Moderate: Red Hat Security Advisory: gnutls security and bug fix update
An update for gnutls is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
openssl: NULL dereference during PKCS7 data verification
A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...
ABB SMU615 Improper Initialization (CVE-2021-22283)
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...
GHSA-7R7X-4C4Q-C4QF Missing proper state, nonce and PKCE checks for OAuth authentication
Impact next-auth applications using OAuth provider versions before v4.20.1 are affected. A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing...
Missing proper state, nonce and PKCE checks for OAuth authentication
Impact next-auth applications using OAuth provider versions before v4.20.1 are affected. A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing...
CVE-2023-0628
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...
CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...
Docker Desktop 命令注入漏洞
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
CVE-2022-40530
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase...
Akuvox E11 安全特征问题漏洞
Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that stems from the inclusion of a feature that encrypts a message and then forwards it.The IV vector and key are static, which could allow an attacker to...
Authorization
NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...
CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth
NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...
CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth
NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...
Debian: Security Advisory (DLA-288-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-40530 Integer overflow to buffer overflow in WLAN
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase...