21 matches found
sm-crypto Affected by Signature Malleability in SM2-DSA
Summary: A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit: This vulnerability was discovered by: - XlabAI Team of Tencent...
EUVD-2024-41444
Malicious code in bioql PyPI...
GHSA-JHMR-57CJ-Q6G9 Komari vulnerable to 2FA Authentication Bypass
Summary: Logic error in 2FA verification condition allows bypass of two-factor authentication. Details: https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/login.go#L55 There is no way for Verify2Fa to return an error AND true as ok at the same time, any codes a...
Komari vulnerable to 2FA Authentication Bypass
Summary: Logic error in 2FA verification condition allows bypass of two-factor authentication. Details: https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/login.go#L55 There is no way for Verify2Fa to return an error AND true as ok at the same time, any codes a...
Improper Input Validation
tiny-secp256k1 is vulnerable to improper input validation. The vulnerability is due to the ability to pass a malicious JSON-stringifiable object to the verify function when the global Buffer is overridden by the NPM buffer package, which allows an attacker to perform a type confusion attack and...
Hickory DNS's DNSSEC validation may accept broken authentication chains
Summary: The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to...
CVE-2024-50671
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs...
CVE-2023-26322
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code...
CVE-2023-26324
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code...
CVE-2023-26322 GetApps application has code execution vulnerability
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code...
CVE-2023-26322
CVE-2023-26322 corresponds to a code-execution vulnerability in the XiaomiGetApps application. Multiple connected documents reveal that the root cause is bypassed verification logic, enabling remote code execution. Reported impact is high/critical, with potential for attacker-controlled code exec...
CVE-2023-26322 GetApps application has code execution vulnerability
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code...
CVE-2023-26324
CVE-2023-26324 affects XiaomiGetApps; the flaw is a bypass of the verification logic that allows code execution. PT-2024-12097 details exploit steps via WebView: open a URL, inject JavaScript, use vulnerable GetApps JavaScript Interface to install and launch a payload, potentially obtaining a she...
CVE-2023-26324 GetApps application has code execution vulnerability
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code...
CVE-2023-26324 GetApps application has code execution vulnerability
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code...
CVE-2022-23764 TERUTEN WebCube update remote code execution vulnerability
The vulnerability is caused by insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution...
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit...
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
This module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT (Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against...
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
Exploit for windows platform in category remote exploits $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require...
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Adobe Flash Player AVM...