CVE-2023-36386

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, Inc USA. A security vulnerability exists in Google Pixel, which originates in parseSecurityParamsFromXml in XmlUtil.java, where file encryption may fail due to a competitive condition, which could lead to local information disclosure...

H3C Magic R300 缓冲区错误漏洞

The H3C Magic R300 is a wireless router from China's Xinhua San H3C. The H3C Magic R300 suffers from a stack overflow vulnerability that is caused by incorrect boundary checking of the UpdateWanParams interface on /goform/aspForm. An attacker can exploit this vulnerability to cause a buffer...

PT-2023-24419 · H3C · H3C Magic R300

Name of the Vulnerable Software and Affected Versions: H3C Magic R300 version R300-2100MV100R004 Description: A stack overflow issue was discovered via the UpdateWanParams interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R300 device. Recommendations: For H3C Magic...

Malicious code in uurl-search-params (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4d4a4d5977377ebf7c79b1bcb7c824cb6f1bb64c2151b065d2e189c27638d15d The OpenSSF Package Analysis project identified 'uurl-search-params' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2023-1333 Malicious code in uurl-search-params (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4d4a4d5977377ebf7c79b1bcb7c824cb6f1bb64c2151b065d2e189c27638d15d The OpenSSF Package Analysis project identified 'uurl-search-params' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a segmentation violation via the expandmmacparams function in the /nasm/nasm-pp.c file. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended...

SUSE CVE-2023-31973

yasm v1.3.0 was discovered to contain a use after free via the function expandmmacparams at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

DEBIAN-CVE-2023-31723

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expandmmacparams at /nasm/nasm-pp.c...

AZL-35390 CVE-2023-31723 affecting package yasm 1.3.0-17

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expandmmacparams at /nasm/nasm-pp.c...

UBUNTU-CVE-2023-31725

yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expandmmacparams at yasm/modules/preprocs/nasm/nasm-pp.c...

UBUNTU-CVE-2023-31723

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expandmmacparams at /nasm/nasm-pp.c...

yasm 安全漏洞

yasm is a completely rewritten Netwide assembler from the yasm open source. A security vulnerability exists in yasm version 1.3.0.55.g101bc, which stems from a segmentation violation via the inclusion of the function expandmmacparams in /nasm/nasm-pp.c. The vulnerability is caused by the inclusio...

PT-2023-23437 · Yasm +1 · Yasm +1

Name of the Vulnerable Software and Affected Versions: yasm version 1.3.0.55.g101bc Description: A heap-use-after-free issue was discovered in yasm via the function expand mmac params at yasm/modules/preprocs/nasm/nasm-pp.c. Recommendations: For yasm version 1.3.0.55.g101bc, as a temporary...

PT-2023-23435 · Yasm +1 · Yasm +1

Name of the Vulnerable Software and Affected Versions: yasm version 1.3.0.55.g101bc Description: A segmentation violation was discovered in yasm via the function expand mmac params at /nasm/nasm-pp.c. Recommendations: For yasm version 1.3.0.55.g101bc, as a temporary workaround, consider disabling...

It is possible to override pool params in PoolRegistry.sol since the creator field is never set for a venus pool

Lines of code Vulnerability details Proof of Concept PoolRegistry.createPoolRegistry will call PoolRegistry.registerPool which will make a check on the creator field for a pool. VenusPool memory venusPool = poolByComptrollercomptroller; requirevenusPool.creator == address0, "PoolRegistry: Pool...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the function expandmmacparams at /nasm/nasm-pp.c. Remediation There is no fixed version for yasm. References - GitHub Issue Credit: randomssr...

CVE-2023-31973

yasm v1.3.0 was discovered to contain a use after free via the function expandmmacparams at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

CVE-2023-31973

yasm v1.3.0 was discovered to contain a use after free via the function expandmmacparams at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

DEBIAN-CVE-2023-31973

yasm v1.3.0 was discovered to contain a use after free via the function expandmmacparams at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...