Lucene search
K

144 matches found

Cvelist
Cvelist
•added 2024/03/11 4:35 p.m.•43 views

CVE-2024-0050

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

6.7AI score0.00126EPSS
Exploits0References2
CVE
CVE
•added 2024/03/11 4:35 p.m.•171 views

CVE-2024-0050

CVE-2024-0050 involves an out-of-bounds write in the getConfig path of SoftVideoDecoderOMXComponent.cpp. The issue is triggered via missing validation and results in a local, non‑security impact with no additional execution privileges required (no user interaction). Affected detail: the vulnerabi...

7.8CVSS6.7AI score0.00126EPSS
Exploits0References2Affected Software1
OSV
OSV
•added 2024/03/01 12:0 a.m.•51 views

ASB-A-273935108

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.6AI score0.00126EPSS
Exploits0References2
Veracode
Veracode
•added 2023/11/01 8:58 a.m.•19 views

Information Disclosure

matrixsynapse is vulnerable to Information Disclosure. The vulnerability is caused by a missing validation check for the userid parameter used to query cached device information of remote users. This can lead to enumerating the remote users known to a homeserver...

5.3CVSS6.8AI score0.00897EPSS
Exploits0References5Affected Software3
Veracode
Veracode
•added 2023/11/01 6:26 a.m.•12 views

Denial Of Service (DoS)

pypdf is vulnerable to Denial Of Service DoS. The vulnerability is caused by a missing validation check if the current object in a clone operation has already been visited so that it will not be added in to a list of objects to visit again. An attacker can craft a malicious PDF which can lead to ...

5.5CVSS7AI score0.00243EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/10/10 5:41 a.m.•52 views

Improper Input Validation

postcss is vulnerable to Improper Input Validation. The vulnerability is due to the REBADBRACKET in tokenize.js which does not account for carriage returns \r. This means that any CSS containing a carriage return character \r would not be matched by this regular expression, potentially allowing...

5.3CVSS7.2AI score0.00822EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2023/10/04 8:14 a.m.•23 views

Path Traversal

github.com/argoproj/argo-cd/v2 is vulnerable to Path Traversal. The vulnerability is caused by a missing validation check in the repo server API that prevents file traversal attacks. This can lead to an attacker leaking values or files from the referenced Helm Chart by using a using a...

5CVSS6.7AI score0.005EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2023/09/21 11:34 a.m.•26 views

Authentication Bypass

Sustainsys.Saml2 is vulnerable to Authentication Bypass. The vulnerability is caused by a missing validation check for the issuer of the Saml2 assertion in a Saml2 response and issuer identified in the stored request state. This can lead to a malicious identity provider to craft a Saml2 response...

7.5CVSS6.6AI score0.00601EPSS
Exploits0References5Affected Software1
Code423n4
Code423n4
•added 2023/08/04 12:0 a.m.•38 views

Missing validation checks on sending non blocking LZ payload

Lines of code Vulnerability details Impact In OFTCoreV2 provided as example by LayerZero function sendaddress from, uint16 dstChainId, bytes32 toAddress, uint amount, address payable refundAddress, address zroPaymentAddress, bytes memory adapterParams internal virtual returns uint amount...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/21 12:0 a.m.•9 views

LACK OF VALIDATION CHECK COULD LEAD TO WRONG TOKEN TRANSFERS THUS BREAKING THE PROTOCOL

Lines of code Vulnerability details Impact The InterchainTokenService.processSendTokenWithDataPayload function is used to process the received token amount with data at the destination InterchainTokenService contract. The received token amount is transferred to either the expressCaller or the...

7.3AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/13 12:0 a.m.•11 views

The signature "V" length is not checked in castApprovalBySig, CastDisapprovalBySig & createActionBySig

Lines of code Vulnerability details Impact The length of the "v" value in the signatures is not checked. V must correspond according to ECDSA principles values of either 27 or 28. Not checking this will result in an attacker crafting a malicious v value and bypassing any checks, withdrawing funds...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/09 12:0 a.m.•20 views

Recipient address is not appropriately validated or sanitized in the BaseFeeVault contract (loss of funds)

Lines of code Vulnerability details Impact If the recipient address is not properly validated, an attacker could supply a malicious address as the recipient. This could result in the accumulated fees being sent to an unintended or unauthorized party. It could lead to financial loss or disruption ...

7AI score
Exploits0
Ubuntu
Ubuntu
•added 2023/01/23 6:29 a.m.•91 views

USN-5816-1: Firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. CVE-2023-23597 Tom...

8.8CVSS8.2AI score0.00702EPSS
Exploits0
Code423n4
Code423n4
•added 2022/09/27 12:0 a.m.•8 views

ArtGobblers.sol#L411 : mintLegendaryGobbler can be executed without gobblerIds also

Lines of code Vulnerability details Impact The function mintLegendaryGobbler can be called without any gobblerIds as well. Proof of Concept. to mint the legendary gobbler in the function mintLegendaryGobbler, the line ArtGobblers.solL418 calculates the cost. uint256 cost = legendaryGobblerPrice;...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/27 12:0 a.m.•8 views

ArtGobblers.sol#L693 : function "tokenURI" does not validate the "gobblerId" for all cases.

Lines of code Vulnerability details Impact validation check for gobblerId is missing for other case inside the function tokenURI. Proof of Concept function tokenURIuint256 gobblerId public view virtual override returns string memory // Between 0 and lastRevealed are revealed normal gobblers. if...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/17 12:0 a.m.•14 views

Validation check for payFYToken and payBase functions to allow only valid users.

Lines of code Vulnerability details Impact This will prevent from calling the functions by invalid users. Unnecessary condition verification. Proof of Concept Tools Used Manual code review Recommended Mitigation Steps At the start of the functions, add validation check such that only the user who...

7.1AI score
Exploits0
Prion
Prion
•added 2022/06/13 10:15 p.m.•18 views

Design/Logic Flaw

Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafte...

6.5CVSS6.9AI score0.0085EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
•added 2022/05/20 9:30 p.m.•7 views

CVE-2022-29200 Missing validation causes denial of service in TensorFlow via `LSTMBlockCell`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The cod...

5.5CVSS5.8AI score0.00317EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
•added 2022/05/16 12:0 a.m.•27 views

Rocky Linux 8 : c-ares (RLSA-2022:2043)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2043 advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong...

6.8CVSS6.8AI score0.02617EPSS
Exploits1References3
NVD
NVD
•added 2022/05/03 8:15 p.m.•17 views

CVE-2022-28784

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic...

4CVSS0.00117EPSS
Exploits0References1
Rows per page
Query Builder