Transaction validity oversight in pallet-ethereum

Impact A bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction...

GHSA-GWFJ-PW2X-H6C2 Out of bounds read in simd-json

The affected version of this crate did not guard against accessing memory beyond the range of its input data. A pointer cast to read the data into a 256-bit register could lead to a segmentation fault when the end plus the 32 bytes 256 bit read would overlap into the next page during string...

Wuzhi CMS SQL Injection Vulnerability (CNVD-2021-66056)

WUZHI CMS is a PHP and MySQL based open source content management system CMS from Wuzhi. Wuzhi CMS has a SQL injection vulnerability in v4.1.0, which originates from a flag in the product /coreframe/app/order/admin/index.php page that fails to properly filter the special characters of the input...

Advantech WebAccess/SCADA Path Traversal Vulnerability (CNVD-2021-59235)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech WebAccess/SCADA, which stems from the product's failure to add access rights to input data. An attacker could use the vulnerability ...

Fortinet FortiSandbox SQL注入漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet, Inc. Fortinet FortiSandbox is vulnerable to SQL injection, a vulnerability that results from the product's failure to filter special characters in input data, which could be exploited to execute illegal...

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55883)

NCH Axon PBX is a set of virtual telephone switch software used in a business environment. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the fact that the product's customer name does not properly filter special characters in the input data and can be exploited to...

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55882)

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...

Injection Vulnerability

thunderbird is vulnerable to injection vulnerability. The vulnerability exists due to the lack of sanitization of input data prior to the completion of the STARTTLS handshake...

Huawei Emui and Magic UI DoS Vulnerability (CNVD-2021-93836)

Huawei Emui is a mobile operating system based on Android, and Magic Ui is a mobile operating system based on Android. A security vulnerability exists in Huawei Emui and Magic UI, which stems from a failure to properly validate input data. An attacker could exploit the vulnerability to cause a...

CVE-2021-22757

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition...

CVE-2021-22757

The connected Red Hat and Schneider Electric disclosures confirm CVE-2021-22757 affects Schneider Electric IGSS Definition (Def.exe) versions 15.0.0.21140 and earlier. The root cause is an out-of-bounds read (CWE-125) stemming from insufficient input validation when importing a malicious CGF file...

CVE-2021-22759

A CWE-416: Use after free vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition...

CVE-2020-11235

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobil...

Buffer overflow

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobil...

Buffer Overflow

libmysofa.so is vulnerable to buffer overflow. The vulnerability exists as input data in the function mysofaresamplerresetmem are not properly handled leading to a heap-based buffer overflow and overwriting of large memory block...

CVE-2020-36151

Incorrect handling of input data in mysofaresamplerresetmem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block...

CVE-2020-36148

Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions e.g. in embedded environment...

CVE-2020-36150

Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block...

Null pointer dereference

Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions e.g. in embedded environment...

Null pointer dereference

Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions e.g. in embedded environment...