CVE-2021-46788

Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations...

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

Laurent Rineau CGAL输入验证错误漏洞

Laurent Rineau CGAL is a Laurent Rineau open source application. Provides access to geometric algorithms in the form of C ++ libraries. A code execution vulnerability exists in Laurent Rineau CGAL, which can be exploited by an attacker to cause out-of-scope reads and type obfuscation via a...

Laurent Rineau CGAL 输入验证错误漏洞

Laurent Rineau CGAL is a Laurent Rineau open source application. Provides access to geometric algorithms in the form of C ++ libraries. A code execution vulnerability exists in Laurent Rineau CGAL, which can be exploited by an attacker to cause out-of-scope reads and type obfuscation via a...

GHSA-X446-3XHQ-5XFP Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon

SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option...

Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon

SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option...

Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

Samsung SMR 缓冲区错误漏洞

Samsung SMR is a system patch package from South Korea's Samsung Samsung. It provides patches for Samsung mobile applications. Samsung SMR suffers from a buffer overflow vulnerability that stems from an incorrect size check in the sapefdparsemetaHEADERold function of the libsapeextractor library...

Wrong modfier

Lines of code Vulnerability details Impact According to the comment at line 49 and the business logic of this smart contract, it is better to use "ISgoverner " or "onlyGoverner" modifier instead of "onlyOwner". Proof of Concept Tools Used : manual analysis Recommended Mitigation Steps changing...

CVE-2022-21947

The CVE-2022-21947 entry concerns SUSE Rancher Desktop (Rancher Desktop) with an exposure of the Dashboard API (steve) to the local network. Affected: Rancher Desktop versions prior to V. Root cause: Exposure of Resource to Wrong Sphere vulnerability allows a local-network attacker to connect to ...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from incorrect input validation in settings, which may display the wrong application name and can be exploited by an attacker to escalate privileges...

CVE-2022-21947

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API steve to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V...

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

DEBIAN-CVE-2021-25220

BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as th...

AZL-9118 CVE-2021-25220 affecting package bind for versions less than 9.16.29-1

BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as th...

DEBIAN-CVE-2021-39686

In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Wrong formula when add fee incentivePool can lead to loss of funds.

Lines of code Vulnerability details Impact The getAmountToTransfer function of LiquidityPool updates incentivePooltokenAddress by adding some fee to it but the formula is wrong and the value of incentivePooltokenAddress will be divided by BASEDIVISOR 10000000000 each time. After just a few time,...

CVE-2022-26129

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parsehellosubtlv, parseihusubtlv, and parseupdatesubtlv in babeld/message.c...