
1430 matches found

Positive Technologies
added 2024/02/03 12:0 a.m. · 2 views

PT-2024-40018 · Ckb · Ckb

Name of the Vulnerable Software and Affected Versions: Ckb versions prior to 0.35.2; Ckb versions prior to 0.36.1; Ckb versions prior to 0.37.1; Ckb versions prior to 0.38.2. Description: The issue causes faulty nodes to reject transactions that call the load cell data syscall when the input cell is...

7.2 AI score
Exploits 0 · References 7
Github Security Blog
added 2024/02/02 10:23 p.m. · 14 views

Nervos CKB BlockTimeTooNew should not be considered as invalid block

Impact Currently, when a node receives a block in future according to its local wall clock, it will mark the block as invalid and ban the peer. If the header's timestamp is more than 15 seconds ahead of our current time. In that case, the header may become valid in the future, and we don't want t...

6.9 AI score
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/01/31 12:0 a.m. · 1 views

PT-2024-3400 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a missing odm calculation for pipe split policy determination in the Linux kernel's drm/amd/display module, specifically affecting the dcn35 8k30. This missing...

7.8 CVSS · 6.6 AI score · 0.00013 EPSS
Exploits 0 · References 23
Positive Technologies
added 2024/01/27 12:0 a.m. · 3 views

PT-2024-15942

Name of the Vulnerable Software and Affected Versions: obgm libcoap version 4.3.4 Description: A critical issue has been found in the function get split entry of the file src/coap oscore.c of the component Configuration File Handler. This issue leads to a stack-based buffer overflow. The attack c...

7.8 CVSS · 6.7 AI score · 0.00159 EPSS
Exploits 1 · References 15
CNNVD
added 2024/01/24 12:0 a.m. · 1 views

Trillium Injection Vulnerability

Trillium is a composable toolkit from the Trillium community for building Internet applications using asynchronous Rust. An injection vulnerability exists in Trillium versions prior to 0.3.12 and 0.5.x prior to 0.5.4, which stems from insufficient header validation and may result in a split reque...

8.1 CVSS · 7.2 AI score · 0.00507 EPSS
Exploits 0 · References 4
SUSE CVE
added 2024/01/20 3:10 a.m. · 2 views

SUSE CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

3.3 CVSS · 5.7 AI score · 0.00088 EPSS
Exploits 0 · References 3
RedhatCVE
added 2024/01/18 3:19 p.m. · 50 views

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service. Mitigation Mitigation for this issue is either not...

5.5 CVSS · 5.2 AI score · 0.00088 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/01/18 12:0 a.m. · 3 views

PT-2024-1284

Name of the Vulnerable Software and Affected Versions: GNU coreutils versions affected versions not specified Description: A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line bytes split...

5.5 CVSS · 5.5 AI score · 0.00088 EPSS
Exploits 0 · References 36
RedHat Linux
added 2024/01/10 11:36 a.m. · 4 views

golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

7.5 CVSS · 6.6 AI score · 0.00016 EPSS
Exploits 0 · References 7
OSV
added 2023/12/27 9:31 p.m. · 0 views

GHSA-7M7H-RGVP-3V4R hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service DoS via manipulation of the first two parameters...

7.5 CVSS · 5.8 AI score · 0.00126 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/12/27 12:0 a.m. · 2 views

PT-2023-31755 · Unknown · Hutool-Core

Name of the Vulnerable Software and Affected Versions: hutool-core version 5.8.23 Description: The issue is related to an infinite loop in the StrSplitter.splitByRegex function, which can be exploited by attackers to cause a Denial of Service DoS via manipulation of the first two parameters,...

7.5 CVSS · 7.2 AI score · 0.00126 EPSS
Exploits 1 · References 9
Patchstack
added 2023/12/27 12:0 a.m. · 7 views

WordPress Split Test For Elementor Plugin <= 1.6.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Split Test For Elementor · Type: Plugin · Vulnerable versions: <= 1.6.9 · Fixed in: 1.7.0 · OWASP Top 10: A1: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-51407 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID: 597730df326f · Credits: Nguyen Xua...

8.8 CVSS · 6.6 AI score · 0.0007 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/12/14 12:0 a.m. · 2 views

PT-2023-35638 · Git +1 · Binutils

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the loongarch split args by comma, print insn loongarch, and disassemble sectio...

6.9 AI score
Exploits 0 · References 2
Openbugbounty
added 2023/11/19 3:3 p.m. · 10 views

split-second.ca Cross Site Scripting vulnerability OBB-3784346

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.3 AI score
Exploits 0
Code423n4
added 2023/11/17 12:0 a.m. · 7 views

improper validations result in loss of funds.

Lines of code Vulnerability details Impact due the improper validation on amount , the users can pass Amount as 0 the calculated fee will be 0 and safeTranferFrom will pass. function getNFTMintingPriceuint256 id, uint256 amount public view returns uint256 fee address bondingCurve =...

7 AI score
Exploits 0
Tenable Nessus
added 2023/10/31 12:0 a.m. · 42 views

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6466-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6466-1 advisory. Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free...

9.8 CVSS · 8.4 AI score · 0.15852 EPSS
Exploits 8 · References 39
WPVulnDB
added 2023/10/20 12:0 a.m. · 11 views

AmpedSense – AdSense Split Tester < 4.69 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1 CVSS · 5.7 AI score · 0.00083 EPSS
Exploits 0 · Affected Software 1
OSV
added 2023/10/18 8:15 a.m. · 2 views

CVE-2023-25476

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Ezoic AmpedSense – AdSense Split Tester plugin = 4.68 versions...

6.1 CVSS · 7.3 AI score
Exploits 0 · References 1
NVD
added 2023/10/18 8:15 a.m. · 12 views

CVE-2023-25476

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Ezoic AmpedSense – AdSense Split Tester plugin = 4.68 versions...

7.1 CVSS · 6.2 AI score · 0.00083 EPSS
Exploits 0 · References 1
Prion
added 2023/10/18 8:15 a.m. · 17 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Ezoic AmpedSense – AdSense Split Tester plugin = 4.68 versions...

5.8 CVSS · 6 AI score · 0.00083 EPSS
Exploits 0 · References 1 · Affected Software 1