1269 matches found
CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...
CVE-2020-15131
In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...
CVE-2020-15131
In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...
CVE-2020-15131
In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...
Input validation
In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...
CVE-2020-15131 False-positive validity for NFT1 genesis transactions in SLP Validate
In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...
CVE-2020-15131
The CVE-2020-15131 issue affects the npm package slp-validate prior to v1.2.2, where a wallet could yield false‑positive NFT1 Child Genesis validations (NFT1 tokens could appear valid without burning the NFT1 Group token as required by the NFT1 spec). This is a software validation flaw in the NFT...
False-positive validity for NFT1 genesis transactions
Impact In the npm package named "slp-validate", versions prior to 1.2.2 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any o...
GHSA-6JMR-JFH7-XG3H False-positive validity for NFT1 genesis transactions
Impact In the npm package named "slp-validate", versions prior to 1.2.2 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any o...
OSV-2020-1178 Global-buffer-overflow in arrow::Status arrow::VisitArrayInline<arrow::internal::ValidateArrayDataVisitor>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20203 Crash type: Global-buffer-overflow READ 1 Crash state: arrow::Status arrow::VisitArrayInline arrow::Status arrow::internal::ValidateArrayDataVisitor::ValidateListArray...
OSV-2020-917 Heap-buffer-overflow in arrow::Status arrow::VisitArrayInline<arrow::internal::ValidateArrayVisitor>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21039 Crash type: Heap-buffer-overflow READ 4 Crash state: arrow::Status arrow::VisitArrayInline arrow::internal::ValidateArray arrow::RecordBatch::Validate...
OSV-2020-57 Stack-buffer-overflow in ot::NetworkData::PrefixTlv::GetPrefixLength
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23267 Crash type: Stack-buffer-overflow READ 1 Crash state: ot::NetworkData::PrefixTlv::GetPrefixLength ot::NetworkData::NetworkData::FindPrefix ot::NetworkData::Leader::Validate...
libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability...
DEBIAN-CVE-2020-4048
In affected versions of WordPress, due to an issue in wpvalidateredirect and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release...
PT-2020-3637 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2 WordPress versions 5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34 Description: The issue is related to an unintended/open...
Validation Bypass in schema-inspector
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
CVE-2020-11072
In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...
CVE-2020-11072
In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...
Input validation
In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...
False-negative validation results in MINT transactions with invalid baton
Impact Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Patches npm package slp-validate has been patched and...