1890 matches found
CVE-2022-30687
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files...
Spoofing
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files...
CVE-2022-30687
Trend Micro Maximum Security 2022 is vulnerable to a link-following vulnerability in the Secure Erase feature. A local, low-privileged attacker can manipulate a user-supplied link during file access to delete arbitrary files. Root cause: improper validation of the link prior to file operations. A...
PT-2022-19444 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0; TensorFlow versions prior to 2.8.1; TensorFlow versions prior to 2.7.2; TensorFlow versions prior to 2.6.4. Description: The implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad does not fully validate the...
UBUNTU-CVE-2022-22976
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor 31, the encoder does not perform any salt rounds, due to an integer overflow error. The default...
CVE-2022-22976
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor 31, the encoder does not perform any salt rounds, due to an integer overflow error. The default...
CVE-2022-22976
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...
Withdraw all with amount: type(uint256).max in native token (ETH) will always revert
Lines of code Vulnerability details if (amount == type(uint256).max) { uint256 decimal = IERC20Detailed(asset).decimals(); amount = amountToWithdraw.mul(this.pricePerShare()).div(10**decimal); } Per the comment: The asset address for collateral asset = 0x0000000000000000000000000000000000000000 means to use ETH as...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1605 more potentially affected by CVE-2017-1000355 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.46.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2017-1000355 Source advisory: OSV:GHSA-4466-8JM4-448P...
Add max fee in setFee and emit event
Lines of code Vulnerability details Impact Malicious owner can steal all ETH of a sell. Proof of Concept The function setFeeCallyNFT.sol is critical as it sets the amount of ETH that the protocol will receive. A malicious owner can set the fee to 1e18 and all ETH after exercise will go to the owne...
Integer Overflow or Wraparound in JBCrypt
Integer overflow in the crypt_raw method in the key-stretching implementation in JBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent...
Trend Micro Maximum Security Link Following Vulnerability
Trend Micro Maximum Security is a set of computer security protection software from Trend Micro. The software includes virus detection, malware protection, and authentication protection. Trend Micro Maximum Security suffers from a link following vulnerability that originates from an insecure link trac...
CVE-2022-30592
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY...
dotnet: excess memory allocation via HttpClient causes DoS
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...
LiteSpeed QUIC Code Issue Vulnerability
LiteSpeed QUIC (LSQUIC) is an open source implementation of QUIC and HTTP/3 functionality for servers and clients from LiteSpeed USA. A security vulnerability exists in LiteSpeed QUIC versions prior to 31.0 that stems from liblsquic/lsquic_qenc_hdl.c incorrectly handling MAX_TABLE_CAPACITY...
kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free
An out-of-bounds (OOB) memory access flaw was found in net/core/filter.c in __bpf_skb_max_len in the Linux kernel. A missing sanity check to the current MTU check may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal...
Creator of the contract could front run tax per capita to 100% of Yield rewards
Lines of code Vulnerability details Impact Contract creator could steal all rewards using frontrunning Proof of Concept When a yield pool is created pool tax is set equal to global tax and funds are sent into the contract to pay for rewards. The contract creator could set tax to 100% in a...
CVE-2022-20679
A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured...