45 matches found
AZL-13827 CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2
A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...
overflow in buy function
Lines of code Vulnerability details Impact the function doesn't check if the input is more the supply Proof of Concept the function doesn't have any condition check of amount Tools Used manually Recommended Mitigation Steps check the input for maximum or requirement for max supply --- The text wa...
TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2`
Impact When AudioSummaryV2 receives an input samplerate with more than one element, it gives a CHECK fails that can be used to trigger a denial of service attack. python import tensorflow as tf arg0='' arg1=tf.random.uniformshape=1,1, dtype=tf.float32, maxval=None arg2=tf.random.uniformshape=2,1,...
PT-2022-10435 · Qualcomm · Qualcomm Snapdragon
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: An out-of-bounds write can occur due to an incorrect input check in the camera driver. Recommendations: At the moment, there is no information about a newer version that contain...
CVE-2022-26125
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isistlvs.c...
Denial Of Service (DoS)
libimage-exiftool-perl:bookworm is vulnerable to denial of service. lib/Image/ExifTool.pm in ExifTool mishandles a $file = /|$/ check...
Cross-site Scripting (XSS) - Stored in janeczku/calibre-web
Description Missing input check on Identifiers lead to stored XSS. Steps to reproduce 1. 1. Any book - Edit metadata - Identifiers 2. 2. Set any value to the first field and javascript:alertdocument.domain to the second one. 3. 3. Save the book, select it, click on Identifier - XSSed! Proof of...
pow() is missing check on input parameters with 0 value
Handle gpersoon Vulnerability details Impact The contract LogExpMath.sol seems to be a fork of the balancer LogExpMath.sol contract. It is mostly similar, except for checks for x and y being 0 in the beginning of the function pow, see below. This omission might lead to unexpected results. Proof o...
CVE-2021-37595
In FreeRDP before 2.4.0 on Windows, wfcliprdrserverfilecontentsrequest in client/Windows/wfcliprdr.c has missing input checks for a FILECONTENTSRANGE File Contents Request PDU...
CVE-2021-25354
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink...
CVE-2021-25354
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink...
CVE-2021-25354
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink...
The vulnerability of the user interface in Google Chrome’s Omnibox allows a perpetrator to compromise data integrity.
The vulnerability of the user interface in Google Chrome’s Omnibox is related to the lack of a mechanism for verifying the entered data. Exploiting this vulnerability allows an attacker to manipulate the integrity of data by creating a malicious HTML page...
The vulnerability of the recursive cloning component of the distributed Git version control system allows a hacker to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.
The vulnerability of the recursive cloning component of the distributed version control system Git is related to the lack of a mechanism for verifying input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service failures, and...
CVE-2018-16088
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page...
CVE-2018-11852
In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write...
CVE-2018-11852
In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write...
CVE-2018-11302
In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN...
CVE-2018-11851
In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack...
Old Android Flaw Elevates Privileges, Steals SMS, Call Logs
A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk. The...