EUVD-2022-2217

Malicious code in bioql PyPI...

Division by Zero and Precision Loss in computeOutputAmount Function

Lines of code Vulnerability details Impact The vulnerability can cause a runtime exception due to division by zero, leading to contract execution reverting. Additionally, precision loss may occur in calculations due to truncation of remainders, Proof of Concept When unwrapFeeDivisor unexpectedly...

SUSE CVE-2013-2071

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

GHSA-8CWQ-4CMF-PX73 PocketMine-MP invalid skin geometry JSON data leading to server crash

Impact pocketmine\entity\Skin doesn't correctly handle errors produced by adhocore/json-comment, which throws RuntimeException rather than returning false as PocketMine-MP expects. This leads to a server crash if the skin geometry data is invalid for some reason e.g. a syntax error. Patches...

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

CVE-2013-2071

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

CVE-2013-2071

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

Potential persistent xss in fixCaseInNotifications.jsp

There is a difficult to exploit XSS in fixCaseInNotifications.jsp. We could not get it to trigger, but there are some scenarios where unescaped data can be displayed through fix method correctName, userNameToFix. The relevant code is as follows: code NotificationCaseFixer caseFixer = new...