6348 matches found
Arbitrary File Override in Docker Engine
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...
Basis points constant BPS_MAX is used as minimal fee amount requirement
Lines of code Vulnerability details Impact Base fee modules require minimum fixed fee amount to be at least BPSMAX, which is hard coded to be 10000. This turns out to be a functionality restricting requirement for some currencies. For example, WBTC , 10 in ERC20 token rankings, has decimals of 8...
Reentrancy allows commenter to overwrite own comments
Lines of code Vulnerability details Since the Lens platform is a blockchain-based social media platform, it's important that information relevant to users be emitted so that light clients need not continually refer to the blockchain, which can be expensive. From the docs: Events are emitted at...
GHSA-V8WR-R69P-MMWX Unrestricted Upload of File with Dangerous Type in Drupal core
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...
CVE-2021-22787
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...
CVE-2021-22788
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...
CVE-2021-22787
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...
Out-of-bounds
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...
Information disclosure
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...
CVE-2021-22788
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...
com.soterianetworks:spase-cipped (>=0.9.17 <=0.9.46), com.soterianetworks:spase-cipped-starter (>=0.9.17 <=0.9.46) +47 more potentially affected by CVE-2019-11343 via org.torpedoquery:org.torpedoquery (>=1.7.0 <=2.5.1)
org.torpedoquery:org.torpedoquery MAVEN version =1.7.0, =0.9.17, =0.9.17, =0.9.0, =0.9.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.12.2 - de.alpharogroup:dating-system-business =3.11.0 - de.alpharogroup:dating-system-domain =3.11.0 - de.alpharogroup:dating-system-init =3.11.0 -...
org.eclipse.hono:client-device-connection-infinispan (>=1.2.0 <=1.12.3), org.eclipse.hono:hono-adapter-amqp-vertx (>=0.7 <=1.12.3) +67 more potentially affected by CVE-2020-27217 via org.eclipse.hono:hono-core (>=0.5 <=1.4.0)
org.eclipse.hono:hono-core MAVEN version =0.5, =1.2.0, =0.7, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.4.0, =0.8-M11, =0.8-M11, =1.10.0, =0.5, =0.5, =1.10.0, =0.5, =1.0-M5, =1.12.3 and more Source cves: CVE-2020-27217 Source advisory: OSV:GHSA-9F52-HPVW-V96W...
LDAP-Password-Hunter - Password Hunter In The LDAP Infamous Database
It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of getTGT.py Impacket and ldapsearch in order to look up for password...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23575 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23575 Source advisory: OSV:GHSA-C94W-C95P-PHF8...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-21740 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21740 Source advisory: OSV:GHSA-44QP-9WWF-734R...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-21738 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21738 Source advisory: OSV:GHSA-X4QX-4FJV-HMW6...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23589 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23589 Source advisory: OSV:GHSA-9PX9-73FG-3FQP...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-21726 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21726 Source advisory: OSV:GHSA-23HM-7W47-XW72...
Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules Uncontrolled Resource Consumption (CVE-2019-13555)
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior,...
Schneider Electric Web Server on Modicon M340 Out-of-Bounds Write (CVE-2020-7563)
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...