Lucene search

150 matches found

UbuntuCve
added 2022/08/31 4:15 p.m. · 16 views

CVE-2020-35537

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.2 AI score
Exploits: 0 · References: 2
Code423n4
added 2022/08/27 12:00 a.m. · 9 views

Dynamic quorum votes parameters for a proposal (Proposal A) are changed according to another proposal (Proposal B) that proposes to update dynamic quorum votes parameters when Proposal B is executed after Proposal A is created in the same block

Lines of code Vulnerability details Impact The following writeQuorumParamsCheckpoint function is used to record dynamic quorum votes parameters at a block of interest. function writeQuorumParamsCheckpointDynamicQuorumParams memory params internal uint32 blockNumber = safe32block.number, 'block...

6.8 AI score
Exploits: 0
Positive Technologies
added 2022/06/26 12:00 a.m. · 3 views

PT-2022-4653 · D Link · D-Link Dsl-3782

Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 versions v1.03 and below Description: The issue is related to a stack overflow vulnerability in the getAttrValue function of the D-Link DSL-3782 router's firmware. Exploitation of this issue may allow an attacker to execute...

8.8 CVSS · 8.9 AI score · 0.00956 EPSS
Exploits: 1 · References: 5
UbuntuCve
added 2022/06/19 12:15 p.m. · 37 views

CVE-2022-2125

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

7.8 CVSS · 7.1 AI score · 0.0018 EPSS
Exploits: 1 · References: 4
NVD
added 2022/05/24 6:15 p.m. · 4 views

CVE-2022-1669

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary index.cgi to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Addres...

8.1 CVSS · 0.0019 EPSS
Exploits: 0 · References: 1
Code423n4
added 2022/04/06 12:00 a.m. · 8 views

setMinter() in vcon.sol missing important checks can lead to loss of minting ability

Lines of code Vulnerability details Impact The setMinter function in Vcon.sol lacks both zero address checks and a proper ownership transfer pattern. I am submitting this as a medium-severity issue separate from similar low-severity instances due to this example's effect on the entire protocol. I...

6.9 AI score
Exploits: 0
UbuntuCve
added 2022/03/30 12:15 p.m. · 38 views

CVE-2022-1154

Use after free in utfptr2char in GitHub repository vim/vim prior to 8.2.4646...

7.8 CVSS · 7.1 AI score · 0.01144 EPSS
Exploits: 1 · References: 6
UbuntuCve
added 2022/02/20 11:15 a.m. · 29 views

CVE-2022-0685

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418...

8.4 CVSS · 7.1 AI score · 0.01219 EPSS
Exploits: 1 · References: 6
UbuntuCve
added 2022/01/30 3:15 p.m. · 24 views

CVE-2022-0408

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

8.4 CVSS · 7.1 AI score · 0.00239 EPSS
Exploits: 1 · References: 6
UbuntuCve
added 2022/01/28 10:15 p.m. · 42 views

CVE-2022-0392

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2...

7.8 CVSS · 6.9 AI score · 0.00162 EPSS
Exploits: 1 · References: 2
OSV
added 2021/11/30 10:15 a.m. · 9 views

CVE-2021-3726

Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...

9.8 CVSS · 6.8 AI score
Exploits: 0 · References: 1
OSV
added 2021/08/23 9:15 p.m. · 0 views

CVE-2020-18730

A segmentation violation in the Iec104DealI function of IEC104 v1.0 allows attackers to cause a denial of service DOS...

7.5 CVSS · 7.1 AI score
Exploits: 0 · References: 2
Code423n4
added 2021/07/09 12:00 a.m. · 12 views

grief a user by not allowing him to retrieve funds

Handle gpersoon Vulnerability details Impact The function removeUserActiveBlocks contains a "for" loop, which depends on the size of the array activeTransactionBlocks. If the array is too large then the for loop will take so much gas that the transaction will revert. The function fulfill, which...

6.8 AI score
Exploits: 0
Huntr
added 2021/01/06 12:00 a.m. · 13 views

in catalyst-team/catalyst

Description Catalyst is a PyTorch framework for Deep Learning research and development. It focuses on reproducibility, rapid experimentation, and codebase reuse so you can create something new rather than write another regular train loop. This package was vulnerable to Arbitrary code execution vi...

0.6 AI score
Exploits: 0 · References: 1
Huntr
added 2020/12/21 12:00 a.m. · 21 views

Code Injection in apolloauto/apollo

Description Arbitrary Code Execution in genprotofile.py in ApolloAuto/Apollo. An open autonomous driving platform. Technical Description This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load in yaml. fix is to be done genprotofile.py Exploit cod...

0.6 AI score
Exploits: 0 · References: 1
Huntr
added 2020/12/21 12:00 a.m. · 14 views

Code Injection in ultralytics/yolov5

Description Arbitrary Code Execution in ultralytics/yolov5. Yolov5 is an Object Detection model from Ultralytics. Ultralytics is a U.S.-based particle physics and AI startup with over 6 years of expertise supporting government, academic and business clients. Ultralytics offer a wide range of visi...

0.4 AI score
Exploits: 0 · References: 1
Huntr
added 2020/12/21 12:00 a.m. · 8 views

Code Injection in svaarala/duktape

Description Arbitrary Code Execution in svaarala/duktape/tools/genconfig.py. Duktape - embeddable Javascript engine with a focus on portability and compact footprint. Genconfig is a Process Duktape option metadata and produce various useful outputs. Technical Description This package was...

1 AI score
Exploits: 0 · References: 1
Huntr
added 2020/12/21 12:00 a.m. · 22 views

Code Injection in microsoft/qlib

Description Arbitrary Code Execution in microsoft/qlib. Qlib is an AI-oriented quantitative investment platform, which aims to realize the potential, empower the research, and create the value of AI technologies in quantitative investment. Technical Description This package was vulnerable to...

6.5 CVSS · 3 AI score · 0.02852 EPSS
Exploits: 1 · References: 1
wpexploit
added 2020/09/29 12:00 a.m. · 676 views

Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection

The bulkaction, exportfull and savesliderdb functionalities of the plugin were vulnerable, allowing a high-privileged user (Admin), or a medium one such as Contributor+ if "Role Options" is turned on for other users, to perform SQL Injection attacks. Vulnerable param: check Vulnerable function:...

1.7 AI score · 0.00501 EPSS
Exploits: 2 · References: 1
Packet Storm
added 2020/05/12 12:00 a.m. · 120 views

qdPM 9.1 Arbitrary File Upload

Exploit Title: qdPM 9.1 - Arbitrary File Upload Date: 2020-05-06 Author: Besim ALTINOK Vendor Homepage: https://sourceforge.net/projects/qdpm/ Software Link: https://sourceforge.net/projects/qdpm/ Version: v9.1 Maybe it affect other versions Tested on: Xampp Credit: İsmail BOZKURT Remotely: Yes...

7.4 AI score
Exploits: 0