206 matches found
Lack of expiration time for cross-chain message passing
Lines of code Vulnerability details Lack of expiration time for cross-chain message passing Summary Lack of expiration time for cross-chain message passing Vulnerability Detail In the current implementation, the L1CrossDomainMessagern.sol inherits from CrossDomainMessager.sol and...
CVE-2022-3284
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0...
CVE-2022-3284 Insecure way of passing a download key
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0...
Intel OneApi Toolkits 代码问题漏洞
Intel OneApi Toolkits is a set of core tools and libraries from the United States Intel Intel. It is used to develop high-performance, data-centric applications across different architectures. A security vulnerability exists in Intel OneApi Toolkits versions prior to 2021.6, which stems from an...
SUSE CVE-2014-8631
The Chrome Object Wrapper COW implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method...
SUSE CVE-2019-5824
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
kernel: NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4label on referral lookup. Send along the already-allocated fattr along with nfs4fslocations, and drop the memcpy of fattr. We end up growing two more allocations, but this fixes up a crash as:...
CVE-2021-44221
A vulnerability has been identified in SIMATIC eaSie Core Package All versions V22.00. The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow an remote attacker to trigger a denial of service of the affected system...
CVE-2021-44221
A vulnerability has been identified in SIMATIC eaSie Core Package All versions V22.00. The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow an remote attacker to trigger a denial of service of the affected system...
CVE-2021-44221
A vulnerability has been identified in SIMATIC eaSie Core Package All versions V22.00. The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow an remote attacker to trigger a denial of service of the affected system...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox that originates in the ms-mddt, search, and search-ms protocols in Windows Firefox's applications that pass content to Microsoft applications could le...
Design/Logic Flaw
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/". A malicious actor could identify the existence of users by requesting share information on specified share paths...
Intel Trace Analyzer And Collector 缓冲区错误漏洞
Intel Trace Analyzer And Collector is a trace analyzer and collector from Intel USA. It is used to analyze Mpi behavior in parallel applications. Intel Trace Analyzer and Collector suffers from a buffer error vulnerability that stems from a potential security flaw in Intel Trace Analyzer and...
Intel Trace Analyzer and Collector 安全漏洞
Intel Trace Analyzer And Collector is a trace analyzer and collector from Intel USA. It is used to analyze Mpi behavior in parallel applications. A security vulnerability exists in Intel Trace Analyzer and Collector that stems from a potential security flaw in Intel Trace Analyzer and Collector. ...
AlmaLinux 8 : curl (ALSA-2021:3582)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:3582 advisory. - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The...
[SECURITY] Fedora 35 Update: python-celery-5.2.3-2.fc35
An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks c...
Mozilla Firefox Security Advisories (MFSA2021-55, MFSA2022-03) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Extracting type information from Go binaries
During the 2021 edition of the SAS conference, I had the pleasure of delivering a workshop focused on reverse-engineering Go binaries. The goal of the workshop was to share basic knowledge that would allow analysts to immediately start looking into malware written in Go. A YouTube version of the...
GHSA-JQFH-8HW5-FQJR Improper Handling of Exceptional Conditions in detect-character-encoding
Impact In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. Patches The problem has been patched in detect-character-encoding v0.7.0. CVSS score CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O/RC:C Base Score: 7.5 High Temporal Score: 7....