429 matches found

CNNVD
added 2024/07/26 12:0 a.m. · 2 views

streamlit-geospatial security vulnerability

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A security vulnerability exists in streamlit-geospatial, which originates in pages/1? The visparams variable in Timelapse.py accepts user input that is then used in the...

9.8 CVSS · 7.9 AI score · 0.01322 EPSS
Exploits 1 · References 5

CVE
added 2024/07/17 8:16 a.m. · 70 views

CVE-2023-52291

CVE-2023-52291 concerns Apache StreamPark. The vulnerability stems from lax validation of maven build parameters in the StreamPark project module, allowing command injection when the input parameter < is used (for example, < (curl http://xxx.com)). An attack requires the user to be logged i...

8.8 CVSS · 5.2 AI score · 0.01516 EPSS
Exploits 0 · References 2 · Affected Software 1

Veracode
added 2024/07/16 6:32 a.m. · 11 views

Path Traversal

@jmondi/url-to-png is vulnerable to Path Traversal. The vulnerability is due to the lack of proper sanitization or validation of the ImageId input within extractqueryparams.ts, which allows an attacker to store an image in an arbitrary location that the server has permission to access...

4.3 CVSS · 6.8 AI score · 0.00523 EPSS
Exploits 0 · References 5 · Affected Software 1

OSSF Malicious Packages
added 2024/06/25 12:42 p.m. · 3 views

Malicious code in ez-get-url-params (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

OSV
added 2024/06/25 12:42 p.m. · 6 views

MAL-2024-2353 Malicious code in ez-get-url-params (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

Cvelist
added 2024/05/22 6:19 a.m. · 19 views

CVE-2021-47443 NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()

In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() 'params' is allocated in digital_tg_listen_mdaa(), but not free when digital_send_cmd() failed, which will cause memory leak. Fix it by freeing 'params' if digital_send_cmd() retur...

6.4 AI score · 0.00226 EPSS
Exploits 0 · References 8

OSV
added 2024/05/21 4:15 p.m. · 1 views

DEBIAN-CVE-2023-52866

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and then the below user-memory-access bug occurs. In...

7.1 CVSS · 5.1 AI score · 0.00228 EPSS
Exploits 0 · References 1

RedHat Linux
added 2024/04/30 9:57 a.m. · 2 views

kernel: Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync hci_update_accept_list_sync iterates over hdev->pend_le_conns and hdev->pend_le_reports, and waits for controller events in the loop body, without holding hdev lock...

7.8 CVSS · 6.7 AI score · 0.00137 EPSS
Exploits 0 · References 5

OSV
added 2024/03/11 7:15 p.m. · 1 views

CVE-2024-27226

In tmuconfiggovparams of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4 CVSS · 5.9 AI score · 0.0009 EPSS
Exploits 0 · References 1

Cvelist
added 2024/02/19 4:42 p.m. · 17 views

CVE-2024-1633 FIP Header Integer Overflow

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integ...

2 CVSS · 4.6 AI score · 0.00144 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/02/19 12:0 a.m. · 4 views

PT-2024-18181 · Bl2 · Bl2

Name of the Vulnerable Software and Affected Versions: Bootloader versions c2f286820471ed276c57e603762bd831873e5a17 and later Description: The issue occurs during the secure boot process, where the second stage of the bootloader, bl2, loops over images defined in the table "bl2_mem_params_descs"...

2 CVSS · 7.2 AI score · 0.00144 EPSS
Exploits 0 · References 5

Prion
added 2024/02/06 9:15 p.m. · 23 views

Hardcoded credentials

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic k...

1.8 CVSS · 7.1 AI score · 0.00608 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/02/06 12:0 a.m. · 3 views

PT-2024-17664 · Juanpao · Juanpao Jpshop

Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02 Description: A vulnerability was found in the API component of Juanpao JPShop, specifically in the file api/config/params.php. The manipulation of the JWT_KEY_ADMIN argument leads to the use of a hard-code...

5.9 CVSS · 4.4 AI score · 0.00608 EPSS
Exploits 0 · References 9

Microsoft CVE
added 2024/01/30 8:0 a.m. · 3 views

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes and crash because of a missing param_kernel->data_size check. This is related to ctl_ioctl.

...

5.5 CVSS · 7 AI score · 0.00294 EPSS
Exploits 0

BDU FSTEC
added 2024/01/29 12:0 a.m. · 1 views

The vulnerability of the copy_params function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the copy_params function in the Linux operating system’s kernel involves unlimited distribution of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 6.3 AI score · 0.00294 EPSS
Exploits 0 · References 9 · Affected Software 3

CNNVD
added 2024/01/26 12:0 a.m. · 3 views

Motorola MR2600 Command Injection Vulnerability

The Motorola MR2600 is a wireless router from Motorola, Inc. A security vulnerability exists in the Motorola MR2600 due to a command injection vulnerability in the "SaveSysLogParams" parameter...

9 CVSS · 7.5 AI score · 0.03537 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/01/02 12:0 a.m. · 4 views

PT-2024-2670 · Yasm +2 · Yasm +2

Name of the Vulnerable Software and Affected Versions: YASM version 1.3.0.86.g9def Description: The issue in YASM is related to the expand_mmac_params function, which is associated with an uncontrolled consumption of resources. Exploitation of this issue may allow an attacker to cause a denial of...

5.5 CVSS · 4.8 AI score · 0.00432 EPSS
Exploits 5 · References 18

Code423n4
added 2023/12/21 12:0 a.m. · 5 views

marginTo when opening a position increases slippage

Lines of code Vulnerability details Impact Providing marginTo when opening position will not increase premium but be stolen by MeV. This can be mitigated by providing amountOutMin in swap params but the protocol should guarantee proper swap. Proof of Concept When opening a position a borrower can...

7 AI score
Exploits 0

OSV
added 2023/12/18 8:0 p.m. · 12 views

GHSA-X3V3-8XG8-8V72 Sentry's Astro SDK vulnerable to ReDoS

Impact A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). Applications that are...

7.5 CVSS · 7.4 AI score · 0.00785 EPSS
Exploits 0 · References 7

RedHat Linux
added 2023/11/14 3:46 p.m. · 1 views

kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service...

5.5 CVSS · 6.6 AI score · 0.00454 EPSS
Exploits 0 · References 4