2242 matches found
CVE-2022-24125
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted o...
Authentication flaw
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted o...
CVE-2022-24125
Dark Souls III’s matchmaking server vulnerability CVE-2022-24125 allows remote attackers to send arbitrary push messages to clients via RequestSendMessageToPlayers, bypassing client-side restrictions. The issue affects DS3 versions up to 2022-03-19 and can enable large-scale pushes to hundreds of...
PT-2022-16479 · FromSoftware · Dark Souls III
Name of the Vulnerable Software and Affected Versions: Dark Souls III versions through 2022-03-19 Description: The matchmaking servers allow remote attackers to send arbitrary push requests to clients via a "RequestSendMessageToPlayers" request. This issue is restricted on the client side and can...
CVE-2022-0618
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing an HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information...
kernel: improper initialization of the "flags" member of the new pipe_buffer
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...
swift-nio-http2 Security Vulnerability
swift-nio-http2 is a SwiftPM project that can be built and tested very easily. A security vulnerability exists in swift-nio-http2 version 1.0.0 up to and including version 1.20, which stems from a logic error when an application parses an HTTP/2 header or an HTTP/2 PUSH_PROMISE frame, which contai...
Check if a value is in an array before a push
This issue has been created to upgrade a QA report submission to a medium severity finding. From Dravee: Check if a value is in an array before a push In NestedRecords.sol's store function, it's possible to push an existing address token several times in the same array File: NestedRecords.sol 130...
CVE-2021-44166
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...
CVE-2021-44166
Summary: CVE-2021-44166 affects Fortinet FortiToken Mobile for Android (external push notification, versions ≤ 5.1.0). The root cause is an improper access control (CWE-284) that could allow a remote attacker who already has a user’s password to access the protected system during the 2FA flow, ev...
JetBrains TeamCity Access Control Error Vulnerability (CNVD-2022-18624)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains. An access control error vulnerability exists in JetBrains TeamCity, which stems from the fact that the product does not effectively restrict permissions for the Agent Push feature. An...
FortiToken Mobile (Android) - Deny request approved from External push notification
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user...
JetBrains TeamCity OS Command Injection Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. JetBrains TeamCity is vulnerable to an operating system command injection vulnerability that stems from a lack of filtering and escaping of system commands in the Agent Push feature...
CVE-2022-25263
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration...