Lucene search
K

87 matches found

OSV
OSV
added 2024/05/09 7:2 p.m.11 views

CLSA-2024-1715281321 php: Fix of 2 CVEs

CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...

6.5CVSS6.8AI score0.49336EPSS
Exploits2References1
OSV
OSV
added 2024/05/09 6:56 p.m.6 views

CLSA-2024-1715280966 php: Fix of 2 CVEs

CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...

6.5CVSS6.8AI score0.49336EPSS
Exploits2References1
OSV
OSV
added 2024/05/02 1:23 p.m.5 views

CVE-2024-23461

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4...

5.5CVSS5.8AI score0.0011EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/12/14 12:0 a.m.9 views

The vulnerability of the microprogramming software of the Ubiquiti airFiber AF2X Radio station lies in the improper validation of the integrity check value. This allows a perpetrator to execute a “man-in-the-middle” attack.

The vulnerability of the microprogramming software of the Ubiquiti airFiber AF2X radio station lies in the improper validation of the integrity check value. Exploiting this vulnerability could allow a malicious actor, operating remotely, to carry out a “man-in-the-middle” attack...

5.9CVSS6.2AI score0.00268EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/12/01 10:15 p.m.33 views

CVE-2023-44402

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...

7CVSS0.00207EPSS
Exploits0References3
OSV
OSV
added 2023/12/01 9:45 p.m.26 views

CVE-2023-44402 ASAR Integrity bypass via filetype confusion in electron

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...

6.1CVSS6.7AI score0.00207EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.5 views

PT-2023-29234 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 22.3.24 Electron versions prior to 24.8.3 Electron versions prior to 25.8.1 Electron versions prior to 26.2.1 Electron versions prior to 27.0.0-alpha.7 Description: This issue impacts Electron apps that have the...

7CVSS6.7AI score0.00207EPSS
Exploits0References10
CVE
CVE
added 2023/10/03 1:54 p.m.80 views

CVE-2023-4929

CVE-2023-4929 affects all firmware versions of the MOXA NPort 5000 Series due to improper validation of integrity checks during firmware updates/upgrades. This root cause — insufficient checks on firmware updates — could allow malicious modification of firmware and result in device takeover. The ...

8.8CVSS7.7AI score0.00262EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2023/08/23 12:49 a.m.42 views

Internet Bug Bounty: Dependency Policy Bypass via process.binding

A vulnerability was discovered in Node.js that allowed for the bypassing of permissions policies via the use of the process.binding API. This vulnerability allowed an attacker to run arbitrary code outside of the limits defined in a policy.json file. The vulnerability affected all users using the...

7.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/07/06 2:51 a.m.13 views

CVE-2023-30673

Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.230521 allows local attackers to delete arbitrary directory using directory junction...

5.5CVSS6.8AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2023/06/15 8:4 p.m.7 views

CLSA-2023-1686859492 php: Fix of 3 CVEs

CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...

9.1CVSS7AI score0.49336EPSS
Exploits2References1
OSV
OSV
added 2023/06/15 7:54 p.m.8 views

CLSA-2023-1686858853 php: Fix of 3 CVEs

CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...

9.1CVSS6.9AI score0.49336EPSS
Exploits2References1
NVD
NVD
added 2023/01/10 12:15 p.m.21 views

CVE-2022-38773

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary cod...

6.8CVSS6AI score0.00293EPSS
Exploits0References2
OSV
OSV
added 2022/09/09 3:15 p.m.4 views

CVE-2022-39844

Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References1
Prion
Prion
added 2022/09/09 3:15 p.m.13 views

Input validation

Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction...

3.2CVSS6.8AI score0.00149EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/09/09 12:0 a.m.6 views

SAMSUNG Smart Switch PC 安全漏洞

SAMSUNG Smart Switch PC is a Windows software from Samsung South Korea. It is used for data transfer. A security vulnerability exists in SAMSUNG Smart Switch PC prior to version 4.3.22083, which stems from an improper validation of its integrity check that could be exploited by a local attacker t...

7.1CVSS7.2AI score0.00149EPSS
Exploits0References3
Fedora
Fedora
added 2022/07/04 1:35 a.m.27 views

[SECURITY] Fedora 36 Update: golang-github-theupdateframework-notary-0.7.0-6.fc36

The Notary project comprises a server and a client for running and interacting with trusted collections. See the service architecture documentation for more information. Notary aims to make the internet more secure by making it easy for people to publish and verify content. We often rely on TLS t...

9.3CVSS8.8AI score0.05994EPSS
Exploits4
NVD
NVD
added 2022/03/23 8:15 p.m.28 views

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

9.8CVSS0.01163EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/09 11:37 p.m.39 views

Improper Validation of Integrity Check Value in TensorFlow

Impact The implementation of tf.sparse.split does not fully validate the input arguments. Hence, a malicious user can trigger a denial of service via a segfault or a heap OOB read: python import tensorflow as tf data = tf.random.uniform1, 32, 32, dtype=tf.float32 axis = 1, 2 x =...

7.8CVSS2.1AI score0.00174EPSS
Exploits0References5Affected Software3
CNVD
CNVD
added 2021/11/17 12:0 a.m.5 views

ASUS P453UJ Buffer Overflow Vulnerability

ASUS P453UJ is a BIOS firmware from Asus ASUS of Taiwan, China. The ASUS P453UJ suffers from a buffer overflow vulnerability that originates from a local attacker, with the permission of a regular user, who can modify the BIOS by replacing or padding the contents of the specified Memory DataBuffe...

7.1CVSS7.2AI score0.00198EPSS
Exploits0References1
Rows per page
Query Builder