1739 matches found
Bash 缓冲区错误漏洞
Bash is an American shell command language interpreter written for the GNU Project and running on Unix-like operating systems by the individual developer Brian J. Fox. It is capable of reading and executing commands from standard input devices or files. A buffer error vulnerability exists in Bash...
PT-2022-5389 · Bash +6 · Bash +6
Name of the Vulnerable Software and Affected Versions: bash affected versions not specified Description: The issue is related to a heap-buffer overflow in the valid parameter transform function of the bash package, which can lead to memory problems. This can potentially allow a remote attacker to...
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
CVE-2022-30935
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed...
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...
CVE-2022-35996
TensorFlow is an open source platform for machine learning. If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue ...
Google TensorFlow 数字错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that if Conv2D is specified as an empty input and the filter and padding sizes are valid, the output is all zeros...
SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon
/ // \ / \ \ / / / / / / / / / / / / \ | / / / / / / // / // / / / / / / // / // // / |/ / / / ///// // ///////|/// A easy-to-use python tool to perform dns recon with multiple options Installation: It can be installed in any OS with python3 Manual installation git clone...
User Enumeration via Response Timing
Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept Steps to reproduce: 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively ...
GHSA-RVGM-35JW-Q628 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Impact Arbitary javascript injection Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs + function // Put Javascript code here return '' + The block below shows a valid mermaid code block md mermaid graph TD; A--B; A--C;...
User Enumeration via Response Timing
Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively we can see the...
CVE-2022-37305
The Remote Keyless Entry RKE receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unloc...
Design/Logic Flaw
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
CVE-2022-1989
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users...
Information disclosure
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users...
CVE-2022-35929
A flaw was found in the cosign package. The cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid signature and when there are no attestations of the type being verified for example, —type defaults to...
CVE-2022-35728
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging...
[SECURITY] Fedora 36 Update: golang-github-burntsushi-toml-test-0.2.0-12.20210108git9767d20.fc36
Toml-test is a higher-order program that tests other TOML decoders or encoder s. The goal is to make it comprehensive. Tests are divided into two groups: inva lid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...