62 matches found
WordPress Plugin MStore API 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Burn logic issue due to lack of checking parameter 0 in burnWithReserve function
Lines of code Vulnerability details Impact The token quantity is sent to 0 and then the token is internally burned, causing a logic problem. Proof of Concept 1. burnWithReserve - reservePPM = 0 2. calculateFreedAmount call - The result is scaled by the ratio of currentReserve and minterReserve...
SUSE CVE-2014-4322
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or...
SUSE CVE-2021-41495
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArrayDescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error ca...
HTTP Response Splitting
netty-codec-http is vulnerable to HTTP response splitting attack. The vulnerability exists in the setObject function of DefaultHeaders.java as it takes the arrays and iterators as arguments, providing a way to bypass value validation allowing an attacker to inject malicious header values into the...
Siemens LOGO! 8 BM 输入验证错误漏洞
A security vulnerability exists in Siemens LOGO! 8 BM, a programming software for the Windows platform used in industrial environments from Siemens, Germany. The vulnerability stems from the inability to properly validate offset values defined in TCP packets when calling methods. An attacker coul...
PT-2022-10422 · Qualcomm · Snapdragon
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to a possible out of bound write due to improper validation of the number of timer values received from firmware while syncing timers. This affects various...
Qualcomm 芯片缓冲区错误漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products...
NumPy has an unspecified vulnerability
NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrices, while providing a large library of mathematical functions for data operations. numPy 1.19 has a security vulnerability that stems from a null pointer dereference vulnerability i...
Null pointer dereference
DISPUTED Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArrayDescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an...
CVE-2021-29853
IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529...
Advantech WebAccess Node viewsrv SQLFreeEnv Untrusted Pointer Dereference Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27D9 IOCTL in the webvrpcs process. The issue resul...
Denial of service vulnerability in the mp110005.sys driver of Micropoint Intelligent Defense Software Personal Free Edition (CNVD-2018-20118)
Micropoint Intelligent Defense Software Personal Free Edition is a set of third-generation anti-virus software of Micropoint Baihui Beijing Information Security Technology Co., Ltd. and adopts AI Intelligent Defense Technology to independently analyze and judge viruses. A denial of service...
Unspecified Vulnerability in Google Android Qualcomm Closed Source Component
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. Qualcomm is one of the Qualcomm components used in Qualcomm devices. An unspecified vulnerability exists in the Qualcomm closed-source component in Android, which stems...
UBUNTU-CVE-2015-2156
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...
php: imagegammacorrect allows arbitrary write access
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact by providing different signs for the second an...
NVIDIA Windows GPU Display Driver Local Elevation of Privilege Vulnerability (CNVD-2016-10566)
NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers for Windows from NVIDIA. A local elevation of privilege vulnerability exists in NVIDIA Windows GPU Display Driver, which arises from the program failing to properly validate values. A local attacker could...
NVIDIA Windows GPU Display Driver Local Elevation of Privilege Vulnerability (CNVD-2016-10568)
NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers for Windows from NVIDIA. A local elevation of privilege vulnerability exists in NVIDIA Windows GPU Display Driver, which arises from the program failing to properly validate values. A local attacker could...
NVIDIA Windows GPU Display Driver Local Privilege Vulnerability
NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers for Windows from NVIDIA. The NVIDIA Windows GPU Display Driver is vulnerable to a local elevation of privilege vulnerability that arises from the program failing to properly validate values. A local attacke...
DEBIAN-CVE-2012-4922
The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...