87 matches found
CLSA-2024-1715281321 php: Fix of 2 CVEs
CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...
CLSA-2024-1715280966 php: Fix of 2 CVEs
CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...
CVE-2024-23461
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4...
The vulnerability of the microprogramming software of the Ubiquiti airFiber AF2X Radio station lies in the improper validation of the integrity check value. This allows a perpetrator to execute a “man-in-the-middle” attack.
The vulnerability of the microprogramming software of the Ubiquiti airFiber AF2X radio station lies in the improper validation of the integrity check value. Exploiting this vulnerability could allow a malicious actor, operating remotely, to carry out a “man-in-the-middle” attack...
CVE-2023-44402
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...
CVE-2023-44402 ASAR Integrity bypass via filetype confusion in electron
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...
PT-2023-29234 · Electron · Electron
Name of the Vulnerable Software and Affected Versions: Electron versions prior to 22.3.24 Electron versions prior to 24.8.3 Electron versions prior to 25.8.1 Electron versions prior to 26.2.1 Electron versions prior to 27.0.0-alpha.7 Description: This issue impacts Electron apps that have the...
CVE-2023-4929
CVE-2023-4929 affects all firmware versions of the MOXA NPort 5000 Series due to improper validation of integrity checks during firmware updates/upgrades. This root cause — insufficient checks on firmware updates — could allow malicious modification of firmware and result in device takeover. The ...
Internet Bug Bounty: Dependency Policy Bypass via process.binding
A vulnerability was discovered in Node.js that allowed for the bypassing of permissions policies via the use of the process.binding API. This vulnerability allowed an attacker to run arbitrary code outside of the limits defined in a policy.json file. The vulnerability affected all users using the...
CVE-2023-30673
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.230521 allows local attackers to delete arbitrary directory using directory junction...
CLSA-2023-1686859492 php: Fix of 3 CVEs
CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...
CLSA-2023-1686858853 php: Fix of 3 CVEs
CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...
CVE-2022-38773
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary cod...
CVE-2022-39844
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction...
Input validation
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction...
SAMSUNG Smart Switch PC 安全漏洞
SAMSUNG Smart Switch PC is a Windows software from Samsung South Korea. It is used for data transfer. A security vulnerability exists in SAMSUNG Smart Switch PC prior to version 4.3.22083, which stems from an improper validation of its integrity check that could be exploited by a local attacker t...
[SECURITY] Fedora 36 Update: golang-github-theupdateframework-notary-0.7.0-6.fc36
The Notary project comprises a server and a client for running and interacting with trusted collections. See the service architecture documentation for more information. Notary aims to make the internet more secure by making it easy for people to publish and verify content. We often rely on TLS t...
CVE-2021-27428
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...
Improper Validation of Integrity Check Value in TensorFlow
Impact The implementation of tf.sparse.split does not fully validate the input arguments. Hence, a malicious user can trigger a denial of service via a segfault or a heap OOB read: python import tensorflow as tf data = tf.random.uniform1, 32, 32, dtype=tf.float32 axis = 1, 2 x =...
ASUS P453UJ Buffer Overflow Vulnerability
ASUS P453UJ is a BIOS firmware from Asus ASUS of Taiwan, China. The ASUS P453UJ suffers from a buffer overflow vulnerability that originates from a local attacker, with the permission of a regular user, who can modify the BIOS by replacing or padding the contents of the specified Memory DataBuffe...