1085 matches found
The vulnerability of the XAUTOCLAIM command implementation in the Redis database management system allows a hacker to execute arbitrary code.
The vulnerability of the XAUTOCLAIM command in the Redis database management system is related to a numerical overflow when processing the COUNT argument. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2022-36025
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
CVE-2022-36025
Besu (Java-based Ethereum client) contains a numeric conversion bug in gas calculation for CALL/DELEGATECALL, affecting versions after 22.1.3 and before 22.7.1. The error in 32-bit signed/unsigned arithmetic can pass incorrect gas to called contracts and return gas, potentially causing a differin...
CVE-2022-36025 Incorrect Conversion between Numeric Types in Besu Ethereum Client
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
WhatsApp 数字错误漏洞
WhatsApp is a suite of mobile applications from the American company WhatsApp that use the Internet to send text messages. The application uses the contact information in a smartphone to find contacts using the program to send texts, pictures, etc. WhatsApp suffers from a numeric error...
tesseract 数字错误漏洞
tesseract is an open source OCR Optical Character Recognition engine. A numeric error vulnerability exists in the Leptonica linked library v1.79.0 in tesseract v5.0.0, which can be exploited by an attacker to cause an arithmetic anomaly via a specially crafted JPEG file, leading to a denial of...
CVE-2022-2939
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...
Input validation
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...
CVE-2022-2939 WP Cerber Security <= 9.0 - User Enumeration Bypass
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...
Google Android 数字错误漏洞
Google Android is a Linux-based open source operating system from the American company Google. A numeric error vulnerability exists in Google Android. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor announcements...
Exploit for Incorrect Conversion between Numeric Types in Linux Linux_Kernel
CVE-2022-2639 using pipe primitive CVE-2022-2639https://...
Softing Secure Integration Server 数字错误漏洞
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing, and security supervision. A numeric error vulnerability exists in Softing Secure...
vim: Out-of-range Pointer Offset
A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a...
jsrsasign 数据伪造问题漏洞
The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 10.5.25, which stems from a vulnerability to incorrect validation of cryptographic signatures when JWS or JWT...
The vulnerability of the ext4_mount function in the Cboot module of the NVIDIA Jetson embedded software driver package allows a attacker to execute arbitrary code, gain elevated privileges, or cause partial service failure.
The vulnerability of the ext4mount function in the Cboot module of the NVIDIA Jetson software driver suite is related to a numerical overflow issue. Exploiting this vulnerability could allow an attacker to execute arbitrary code, gain elevated privileges, or cause partial service interruptions...
Denial Of Service (DoS)
github.com/apple/swift-corelibs-foundation is vulnerable to denial of service. The vulnerability exists in unwrapFixedWidthInteger function in JSONDecoder.swift because the decoder uses mismatches accessors on NSNumber for numeric conversion which causes an application crash...
grub2 数字错误漏洞
grub2 is a Linux system boot program from the American GNU community. A numeric error vulnerability exists in grub2 that stems from a grubnetrecvip4packets integer underflow...
Tuxera NTFS-3G numeric error vulnerability
Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for supporting read and write NTFS partitions.Tuxera NTFS-3G suffers from a numeric error vulnerability that originates from integer underflow in fuselibreaddir, which can be exploited by attackers to cause...
Information Disclosure
Vaadin-grid-flow is vulnerable to information disclosure. The vulnerability exists in treegrid component due to the use of a numeric incremental id as a key for grid items on client side which allows an attacker to get access to sensitive information...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44209)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the presence of a non-numeric...