1085 matches found
Design/Logic Flaw
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...
UBUNTU-CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...
CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...
goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amou...
Vim Numeric Error Vulnerability
Vim is a cross-platform text editor. A numeric error vulnerability exists in versions prior to Vim 9.0.1247, which stems from allowing values to be divided by zero...
Denial Of Service (DoS)
activerecord is vulnerable to Denial of Service (DoS). The vulnerability exists in the PostgreSQL::Quoting function because values above a 64-bit signed integer get treated as numeric, which allows an attacker to cause an application crash...
The vulnerability of the Open vSwitch multi-level switch software, related to the loss of the significance of a whole number, allows an attacker to execute arbitrary code in the target system.
The vulnerability of the Open vSwitch multi-level switch lies in the loss of significance of a whole number during the analysis of Auto Attach TLV. Exploiting this vulnerability allows an attacker to send specially crafted LLDP messages to the vulnerable system, causing a full number of significa...
X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling...
UBUNTU-CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
GoUtils Security Feature Issue Vulnerability
GoUtils is an open source library from Masterminds. It provides users with utility functions that manipulate strings in various ways. A security vulnerability exists in Masterminds goutils that stems from the fact that randomly generated alphanumeric strings contain much less entropy than expected, an...
Google Pixel Numeric Error Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a numeric error vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...
Google Pixel Numeric Error Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a numeric error vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...
Schneider Electric Product Numerical Error Vulnerability
The Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, France. The Schneider Electric product suffers from a numeric error vulnerability that originates from a memory access conflict, which can be...
Schneider Electric Modicon M340 Numeric Error Vulnerability
The Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, France. The Schneider Electric product suffers from a numeric error vulnerability that originates from a memory access conflict, which can be...
The vulnerability of the file system driver of the Microsoft Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the file system driver for the Microsoft Windows operating system is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created ISO file...
The vulnerability of the gst_matroska_decompress_data function in the Gstreamer multimedia framework, which allows a hacker to cause a service failure
The vulnerability of the gst_matroska_decompress_data function in the Gstreamer multimedia framework is caused by a numerical overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
Hardening of TypedArrays with non-canonical numeric property names in SES
Impact What kind of vulnerability is it? Who is impacted? In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guarantee that objects are pure or immutable, so ...
Azure RTOS USBX Numeric Error Vulnerability
Azure RTOS USBX is a USB host, device, and mobile OTG embedded stack for Azure RTOS open source. Fully integrated with Azure RTOS ThreadX, it is available for all processors that support Azure RTOS ThreadX. A numeric error vulnerability exists in Azure RTOS USBX versions prior to 6.1.12, which...
Active eCommerce CMS 6.3.0 Arbitrary File Download
Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...
Active eCommerce CMS 6.3.0 Arbitrary File Download Vulnerability
Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...