893 matches found
VulnCheck KEV: CVE-2022-46381
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter e.g., to the badging/badgetemplatev0.php component. This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e...
Adobe Premiere Pro Post-Release Reuse Vulnerability
Adobe Premiere Pro is a set of non-linear editing video editing software from the American company Audobee Adobe. Adobe Premiere Pro suffers from a post-release reuse vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Adobe Premiere Pro Uninitialized Pointer Access Vulnerability
Adobe Premiere Pro is a set of non-linear editing video editing software from the American company Audobee Adobe. Adobe Premiere Pro has an uninitialized pointer access vulnerability that can be exploited by an attacker to obtain sensitive information...
Adobe Premiere Pro Out-of-Bounds Read Vulnerability (CNVD-2023-95448)
Adobe Premiere Pro is a set of non-linear editing video editing software from the American company Audobee Adobe. Adobe Premiere Pro suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Adobe Premiere Pro Out-of-Bounds Read Vulnerability (CNVD-2023-95449)
Adobe Premiere Pro is a set of non-linear editing video editing software from the American company Audobee Adobe. Adobe Premiere Pro suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
getRSETHPrice formula is wrong
Lines of code Vulnerability details Impact While auditing the getRSETHPrice function i've indicated a dynamic but non-linear relationship between the supply of the RSETH token and its price.An increase in RSETH supply is associated with an increase in the price of RSETH. Proof of Concept Let's...
The vulnerability of the software-hardware platform for access control in Linear E3 eMerge, related to the lack of measures taken to protect the website structure, allows a hacker to carry out XSS attacks.
The vulnerability of the software-hardware platform for access control in Linear E3 eMerge is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...
VulnCheck KEV: CVE-2019-7254
Linear eMerge E3-Series devices allow File Inclusion...
Enough Polynomials and Linear Algebra to Implement Kyber
I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...
CVE-2015-20110
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...
ROS-20231030-02
A vulnerability in the Django web application software platform, is related to regular expressions for text clipping that have linear backtrack complexity, which can be slow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service with certain HTML...
Delegation empowers more voting weight than expected
Lines of code Vulnerability details Description and Impact The user's voting power decreases linearly from the moment of the lock. To prevent this decrease, users can delegate their voting power to a new wallet. Here is an example scenario illustrating this: 1. The user owns two wallets, Wallet A...
Lack of protection when caling CusdcV3Wrapper._withdraw
Lines of code Vulnerability details Impact When unwrapping the wComet to its rebasing comet, users with an equivalent amount of wComet invoking CusdcV3Wrapper.withdraw at around the same time could end up having different percentage gains because comet is not linearly rebasing. Moreover, the...
Subsequent liquidity providers will suffer from the loss of funds
Lines of code Vulnerability details Impact When adding liquidity, lpAmountOut is calculated using the formula: calcLpTokenSupplywellFunction, reserves - totalSupply. function calcLpTokenSupply Call memory wellFunction, uint256 memory reserves internal view returns uint256 lpTokenSupply...
kernel: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpthinlineartimeouts. While reading sysctltcpthinlineartimeouts, it can be changed concurrently. Thus, we need to add READONCE to its reader...
Nortek Linear eMerge Detection
Binary data linearemergedetect.nbin...
Updated libheif packages fix security vulnerability
Vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. CVE-2023-0996...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a floating point exception in TensorListSplit with XLA. PoC import tensorflow as tf func = tf.rawops.TensorListSplit para = 'tensor': 1, 'elementshape': -1, 'lengths': 0 @tf.functionjitcompile=True def...
AZL-35321 CVE-2023-25676 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...
AZL-35318 CVE-2023-25673 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...