429 matches found
CVE-2022-39176
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len...
LogicV2 has different/new initialize() code, but it is not possible to call it.
Lines of code Vulnerability details Impact In the V1 we had a line in the initialize: require(address(timelock) == address(0), 'NounsDAO::initialize: can only initialize once'); ... timelock = INounsDAOExecutor(timelock); So in the storage of the DAOProxy it is stored an address for timelock. V2 code has...
CVE-2022-37095
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams...
CVE-2022-36502
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateWanParams...
PT-2022-23781 · H3C · H3C Gr-1200W
Name of the Vulnerable Software and Affected Versions: H3C GR-1200W MiniGRW1A0V100R006 Description: A stack overflow issue was discovered in the function UpdateWanParamsMulti. Recommendations: For H3C GR-1200W MiniGRW1A0V100R006, as a temporary workaround, consider disabling the...
H3C Magic NX18 Plus buffer error vulnerability
The H3C Magic NX18 Plus is a Gigabit dual-band router from China's Xinhua San H3C. A security vulnerability exists in the H3C Magic NX18 Plus NX18PV100R003 version that stems from a stack overflow in the UpdateIpv6Params method...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the expand_mmac_params function in modules/preprocs/nasm/nasm-pp.c. Remediation: There is no fixed version for yasm. References: GitHub Gist, GitHub Issue. Credit: Clingto...
DEBIAN-CVE-2021-33457
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params in modules/preprocs/nasm/nasm-pp.c...
AZL-10327 CVE-2021-33457 affecting package yasm 1.3.0-17
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params in modules/preprocs/nasm/nasm-pp.c...
node-import `params` argument can be controlled by users without any sanitization
This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file index.js...
CVE-2020-7678
node-import is vulnerable to Arbitrary Code Execution: the params argument can be provided by users without sanitization and is passed to eval in index.js (line 79), affecting all versions. A PoC exists demonstrating code execution, and no fixed version is available. Practical remediation is to r...
CVE-2020-7678 Arbitrary Code Execution
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file "index.js"...
node-import security vulnerability
node-import is a package by Nanang Mahdaen El Agung, an individual developer in Indonesia, used to import dependencies and run them directly or link them and export to a file. A security vulnerability exists in node-import, which stems from the vulnerability of this package to arbitrary code execution, where the...
USN-5479-2 php7.0 vulnerabilities
USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue...
MAL-2022-841 Malicious code in ad-params (npm)
Source: ghsa-malware 7b8c257c36ee04809d35c8ffa9d32712da6d03b8da5708f906e081bf2c5cd3eb. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-30912
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm...
new packages: perl-Params-Util
An update is available for perl-Params-Util. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: perl-Params-Check
An update is available for perl-Params-Check. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
GHSA-737W-MH58-CXJP Arbitrary code execution in Apache Struts
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...
TikTok: XSS and iframe injection on tiktok ads portal using redirect params
A Cross-Site Scripting (XSS) vulnerability was found on a TikTok Ads endpoint via the "redirect" parameter. We thank @cancerz for reporting this to our team...