637 matches found
Buy logic is not correct
Lines of code Vulnerability details Impact This will affect the curves from where the buy need to happen. This will lead to erroneous result. Proof of Concept Tools Used Manual calculation and code review Recommended Mitigation Steps Update the Buy logic by referring the sell logic. --- The text...
You Need to Update iOS, Android, and Chrome Right Now
Plus: Microsoft patched some 100 flaws, while Oracle issued more than 500 security fixes...
PT-2022-19584 · Mufeng · Mufeng'S Hermit 音乐播放器
Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: An Authenticated SQL Injection SQLi issue allows attackers with Subscriber or higher user roles to execute SQLi attacks. The attack is executed via the &ids parameter. Recommendations...
PT-2022-19378 · Jenkins · Jenkins Gerrit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.35.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin do...
PT-2022-17553 · Samsung · Galaxy Watch Plugin
Name of the Vulnerable Software and Affected Versions: Galaxy Watch Plugin versions prior to 2.2.05.22012751 Description: The issue allows an attacker to access password information of connected WiFiAp in the log. Recommendations: For Galaxy Watch Plugin versions prior to 2.2.05.22012751, update ...
MariaDB DoS Vulnerability (MDEV-25631) - Windows
MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
PT-2021-6394 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.27 and prior Description: The issue is related to errors in resource release in the MySQL Server component, specifically in the Optimizer subsystem. This can be exploited by a remote attacker to cause a denial of...
PT-2021-7541 · Vmware · Vmware Vrealize Log Insight
Name of the Vulnerable Software and Affected Versions: VMware vRealize Log Insight versions 8.x prior to 8.4 Description: The issue is due to improper user input validation, allowing an attacker with user privileges to inject a malicious payload via the Log Insight UI. This payload would be...
PT-2021-14226 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.0.0 through 5.5.0 Description: A cross-site scripting issue in some functions of the E-Mail or Group Mail component allows a remote attacker to inject an arbitrary script via unspecified vectors. Recommendations: For...
SUSE: Security Advisory (SUSE-SU-2021:1785-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2021-19862 · Nextcloud · Nextcloud Android App
Name of the Vulnerable Software and Affected Versions: Nextcloud Android app versions prior to 3.16.1 Description: The Nextcloud Android app is vulnerable to an issue where a malicious app on the same device could access the shared preferences of the Nextcloud Android application. This requires...
FreeBSD : zeek -- several potential DoS vulnerabilities (a550d62c-f78d-4407-97d9-93876b6741b9)
Tim Wojtulewicz of Corelight reports : Fix potential Undefined Behavior in decodenetbiosname and decodenetbiosnametype BIFs. The latter has a possibility of a remote heap-buffer-overread, making this a potential DoS vulnerability. Add some extra length checking when parsing mobile ipv6 packets. D...
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Impact If you are using the esbuild target or command you are at risk of code/option injection. Attackers can use the command line option to maliciously change your settings in order to damage your project. Patches The problem has been patched in v1.0.0 as it uses a proper method to pass configs ...
PT-2021-5288 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 Description: A parsing issue in the handling of directory paths was addressed with improved path...
PT-2021-15578 · Mcafee · Mcafee Total Protection
Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.30 Description: The issue allows a local user to bypass Remote Procedure Call in McAfee Total Protection, gaining elevated privileges and performing arbitrary file modification as the SYSTEM user...
PT-2020-1250 · Google +9 · Android +9
Name of the Vulnerable Software and Affected Versions: Android versions 8.0 through 11 Description: The issue is related to a possible out of bounds write due to an integer overflow in the exif entry get value function of the exif-entry.c component. This could lead to remote code execution if a...
PT-2020-6188 · Mariadb +8 · Mariadb +9
Name of the Vulnerable Software and Affected Versions: mariadb versions prior to 10.1.47 mariadb versions prior to 10.2.34 mariadb versions prior to 10.3.25 mariadb versions prior to 10.4.15 mariadb versions prior to 10.5.6 Description: The issue is related to errors in input data processing duri...
PT-2021-6569 · Gthumb +3 · Gthumb +3
Name of the Vulnerable Software and Affected Versions: gThumb versions prior to 3.10.1 Description: The issue is related to insufficient input validation in the gThumb image processing application. It allows a remote attacker to cause a denial of service via a malformed JPEG image. Recommendation...
Ubuntu: Security Advisory (USN-4366-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2020-1375)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...