CVE-2021-22400

CVE-2021-22400 affects Huawei OxfordS-AN00A smartphones (listed firmware versions such as 10.0.1.10, 10.0.1.105, 10.0.1.115, 10.0.1.123, 10.0.1.135, 10.0.1.152, 10.0.1.160, 10.0.1.167, 10.0.1.173, 10.0.1.178, 10.1.0.202). The root cause is insufficient input/parameter validation (missing paramete...

多款Qualcomm产品输入验证错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and is often fabricated on the surface of semiconductor wafers. A security vulnerability exists in Qualcomm chips that stems from improper...

_token parameter not validated

Handle pauliax Vulnerability details Impact function depositProtocolBalance does not validate the token, nor the caller. It is possible to call this function passing any arbitrary token and amount values and thus artificially increasing protocolBalance which may lead to further failed computation...

Pillow 缓冲区错误漏洞

Pillow is a Python-based image processing library. A buffer overflow vulnerability exists in Pillow, which stems from the failure of the product's convert.c to validate the security of parameters, and could be exploited to trigger a denial of service or remote code execution by triggering a buffe...

CVE-2021-36129

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...

CVE-2021-36129

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...

Code injection

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...

CVE-2021-36129

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-46660)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3,2.1.4, which stems from a lack of validation between the parameters tf.rawops.Conv3DBackprop. This results in a heap buffer...

Unspecified Vulnerability in ezPDF

ezPDF is a cell phone PDF reader. It can help users to search for all PDF files in the phone, and can help users quickly open these PDF files to view. There is a security vulnerability in ezPDF that stems from memory corruption caused by insufficient parameter validation. Currently there is no...

Helpcom Input Validation Error Vulnerability

Helpcom is an application of Helpcom Korea, Inc. which provides remote control services. a security vulnerability exists in Helpcom, which stems from insufficient parameter validation. An attacker could exploit the vulnerability to execute arbitrary commands...

Huawei Smartphone 安全漏洞

Huawei Smartphone is a smartphone from Chinese company Huawei Huawei. Huawei HarmonyOS Some Huawei products have a security vulnerability due to failure to validate parameters...

CVE-2020-7870

A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter...

CVE-2020-7870

CVE-2020-7870 affects ezPDF with a memory corruption vulnerability caused by insufficient validation of a parameter. The Red Hat, NVD, CNVD, and other entries confirm the issue, describing memory corruption when ezPDF improperly handles the parameter. The Connected documents do not provide specif...

CVE-2020-7870

A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter...

CVE-2020-7871

A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to...

ezPDF 缓冲区错误漏洞

ezPDF is a cell phone PDF reader. It can help users to search for all PDF files in the phone, and can help users quickly open these PDF files to view. There is a security vulnerability in ezPDF that stems from memory corruption caused by insufficient parameter validation. Currently there is no...

Helpcom 输入验证错误漏洞

Helpcom is an application of Helpcom Korea, Inc. which provides remote control services. a security vulnerability exists in Helpcom, which stems from insufficient parameter validation. An attacker could exploit the vulnerability to execute arbitrary commands...

CVE-2020-27339

CVE-2020-27339 affects InsydeH2O kernel 5.x, where several SMM drivers (AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, SdMmcDeviceDxe) fail to validate the CommBuffer and CommBufferSize, allowing memory corruption of firmware or OS memory. The issue is fixed in kernel 5.1–5.5 with specifi...

Cisco Small Business 200 Series Managed Switches 跨站脚本漏洞

Cisco Small Business 200 Series Managed Switches is a 200 Series managed switch from Cisco, Inc. A cross-site scripting vulnerability exists in Cisco Small Business 220 Series Smart Switches, which stems from improperly checking the value of a parameter on an affected page. An attacker could use...