CVE-2017-20160 flitto express-param fetchParams.js parameter pollution

A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0...

CVE-2017-20160

CVE-2017-20160 affects flitto express-param up to 0.x, due to improper handling of extra parameters in lib/fetchParams.js. The issue can be exploited remotely, and upgrading to version 1.0.0 addresses it; the patch is identified as db94f7391ad0a16dcfcba8b9be1af385b25c42db (VDB-217149).

PT-2022-8025 · Unknown · Express-Param

Name of the Vulnerable Software and Affected Versions: flitto express-param versions up to 0.x Description: A critical issue affects an unknown part of the file lib/fetchParams.js, leading to improper handling of extra parameters. The manipulation can be initiated remotely. Upgrading to version...

kernel: LSM: general protection fault in legacy_parse_param

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...

PT-2022-36753 · Git +1 · Opensis

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is reported, with a crash type indicating a heap-buffer-overflow READ 1. The crash state involves functions such as par...

CVE-2022-32574

A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this...

DEBIAN-CVE-2022-3625

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlinkparamset/devlinkparamget of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The...

CVE-2022-3625

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlinkparamset/devlinkparamget of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The...

CVE-2022-42488

OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services...

CVE-2022-42488

OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services...

Input validation

OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services...

CVE-2022-42488

OpenHarmony CVE-2022-42488 affects OpenHarmony versions 3.1.2 and earlier. The root cause is missing permission validation in the param service of the startup subsystem, which could let a malicious app elevate privileges to root, disable security features, or cause denial of service by stopping s...

CVE-2022-2025

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access...

CVE-2022-2070

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the...

Design/Logic Flaw

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the...

CVE-2022-2025

CVE-2022-2025 affects Grandstream GSD3710 devices with firmware 1.0.11.13 and earlier. The vulnerability is a stack-based buffer overflow caused by not validating the length of parameters before using strcpy, allowing an attacker who knows valid user credentials to overflow the stack and potentia...

The vulnerability of the `cgroup1_parse_param` function in the kernel/cgroup/cgroup-v1.c file of the Linux operating system allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the cgroup1parseparam function in the kernel/cgroup/cgroup-v1.c file of the Linux operating system is related to the lack of checks to ensure that the source parameter is indeed a string. Exploiting this vulnerability could allow an attacker to access confidential data,...

OSV-2022-840 Negative-size-param in wc_Sha3_256_Final

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50953 Crash type: Negative-size-param Crash state: wcSha3256Final wcHash wcRsaPadex...

OSV-2022-815 Negative-size-param in PackChunkyBytes

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50832 Crash type: Negative-size-param Crash state: PackChunkyBytes PrecalculatedXFORM cmsDoTransform...

CVE-2022-36510

H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList...