
59 matches found

Debian CVE
added 2023/02/08 7:3 p.m. · 77 views

CVE-2023-0215

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5 CVSS · 7.2 AI score · 0.0043 EPSS
Exploits 0

Code423n4
added 2022/08/01 12:0 a.m. · 5 views

User is unable to remove delegation and transfer NFT

Lines of code Vulnerability details Impact The transferFrom in VoteEscrowDelegation.sol should be changed to an external function. Currently, the function is unable to be called by any user since it is an internal function and there's no call to the function from another Golom contract. With above...

6.8 AI score
Exploits 0

Code423n4
added 2022/04/06 12:0 a.m. · 7 views

Div by 0

Lines of code Vulnerability details Division by 0 can lead to an accidental revert. An example of a similar issue - code-423n4/2021-10-defiprotocol-findings84 https://github.com/code-423n4/2022-03-volt/tree/main/contracts/utils/Deviation.solL23 a might be 0 It's internal function but since it is...

6.8 AI score
Exploits 0

Code423n4
added 2021/10/30 12:0 a.m. · 12 views

WrappedIbbtcEth.sol Sanity check of pricePerShare should be enforced

Handle WatchPug Vulnerability details /// @dev Update live ibBTC price per share from core /// @dev We cache this to reduce gas costs of mint / burn / transfer operations. /// @dev Update function is permissionless, and must be updated at least once every X time as a sanity check to ensure value ...

6.8 AI score
Exploits 0

Tenable Nessus
added 2020/04/21 12:0 a.m. · 31 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : ipa Multiple Vulnerabilities (NS-SA-2020-0013)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ipa packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA master...

8.8 CVSS · 7.2 AI score · 0.03371 EPSS
Exploits 0 · References 3

Positive Technologies
added 2019/09/24 12:0 a.m. · 1 views

PT-2019-6240 · Nlnet +6 · Ldns +6

Name of the Vulnerable Software and Affected Versions: ldns version 1.7.1 Description: The issue is related to a heap out of bounds read in the ldns_rr_new_frm_str_internal function when verifying a zone file. This allows an attacker to leak information on the heap by constructing a zone file...

9.8 CVSS · 7.8 AI score · 0.00558 EPSS
Exploits 3 · References 53

Positive Technologies
added 2018/12/19 12:0 a.m. · 1 views

PT-2023-15452 · Unknown +1 · Gpac Mp4Box +1

Name of the Vulnerable Software and Affected Versions: GPAC MP4box version 2.1-DEV-rev617-g85ce76efd Description: The issue is related to a Buffer Overflow in the gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c at line 8273. Recommendations: For GPAC MP4box version...

9.8 CVSS · 7.5 AI score · 0.01461 EPSS
Exploits 93 · References 232

CNVD
added 2018/11/27 12:0 a.m. · 1 views

Buffalo TS5600D1206 Access Control Error Vulnerability (CNVD-2019-00678)

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. An access control error vulnerability exists in the nasapi in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by an attacker to call a dangerous internal function with the 'method' parameter...

8.8 CVSS · 8.7 AI score · 0.00377 EPSS
Exploits 1 · References 1

CVE
added 2018/04/23 7:0 p.m. · 101 views

CVE-2016-9594

CVE-2016-9594 affects curl/libcurl from 7.52.0, where an internal function intended to return a 32-bit random value could overwrite the destination pointer, yielding weak/non-random nonces for Digest/NTLM and related HTTP form data. This enabled potential remote code execution via crafted input. ...

8.1 CVSS · 7.5 AI score · 0.00694 EPSS
Exploits 0 · References 6 · Affected Software 1

RedhatCVE
added 2016/12/23 8:47 a.m. · 34 views

CVE-2016-9594

curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable...

8.1 CVSS · 3.7 AI score · 0.00694 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2016/07/14 12:0 a.m. · 24 views

Fedora 23 : php-ZendFramework2 / php-zendframework-zendxml (2016-8952105d59)

" 2.4.10 2016-05-09 - Fix HeaderValue throwing an exception on legal characters 2.4.9 2015-11-23 SECURITY UPDATES - ZF2015-09: Zend\Captcha\Word generates a 'word' for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the...

7.5 CVSS · 7.2 AI score · 0.00249 EPSS
Exploits 0 · References 2

Debian
added 2016/05/27 8:52 p.m. · 40 views

[SECURITY] [DLA 491-1] postgresql-9.1 bugfix update

Package : postgresql-9.1 Version : 9.1.22-0+deb7u1 The PostgreSQL project released a new version of the PostgreSQL 9.1 branch: Clear the OpenSSL error queue before OpenSSL calls, rather than assuming it's clear already; and make sure we leave it clear afterwards Peter Geoghegan, Dave Vitek, Peter...

5.9 AI score
Exploits 0

Tenable Nessus
added 2015/07/14 12:0 a.m. · 721 views

MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) (uncredentialed check)

The remote Microsoft SQL Server installation is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists due to the casting of pointers to an incorrect class. An authenticated, remote attacker can exploit this, via a specially crafted SQL query, to gain elevated...

8.5 CVSS · 7.1 AI score · 0.10746 EPSS
Exploits 0 · References 4

CNVD
added 2015/06/04 12:0 a.m. · 1 views

Cisco AnyConnect Secure Mobility Client Elevation of Privilege Vulnerability (CNVD-2015-03595)

Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. A security vulnerability exists in the Cisco AnyConnect Secure Mobility Client for Linux code due to a failure in the correct implementation of an internal function, which can be exploited by a local attacker to gain...

7.2 CVSS · 7.1 AI score · 0.00122 EPSS
Exploits 0 · References 1

RedHat Linux
added 2014/09/16 5:28 a.m. · 2 views

(Plone): Partial denial of service through internal function

It was discovered that Plone, included as a part of luci, did not properly handle the processing of very large values passed to an internal utility function. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive memory consumption...

5 CVSS · 5.8 AI score · 0.00887 EPSS
Exploits 0 · References 4

Prion
added 2010/06/08 12:30 a.m. · 16 views

Design/Logic Flaw

The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference...

5 CVSS · 6.4 AI score · 0.0056 EPSS
Exploits 1 · References 6 · Affected Software 1

NVD
added 2010/05/12 11:46 a.m. · 20 views

CVE-2010-1915

The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose...

5 CVSS · 9.1 AI score · 0.005 EPSS
Exploits 0 · References 4

FreeBSD
added 2005/04/13 12:0 a.m. · 22 views

junkbuster -- heap corruption vulnerability and configuration modification vulnerability

A Debian advisory reports: James Ranson discovered that an attacker can modify the referrer setting with a carefully crafted URL by accidentally overwriting a global variable. Tavis Ormandy from the Gentoo Security Team discovered several heap corruptions due to inconsistent use of an internal...

6.7 AI score
Exploits 0 · References 2

Tenable Nessus
added 2003/02/28 12:0 a.m. · 25 views

Nessus Internal: Put cgibin() in the KB

This plugin puts the content of cgibin in the KB so that the function cgidirs can work properly. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10308; scriptversion "$Revision: 1.8 $"; scriptcvsdate"$Date: 2011/03/17 18:46:05 $"; scriptnameenglish:"Nessus Internal: Pu...

5.4 AI score
Exploits 0