CVE-2018-25021 (toxcore)
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing…
Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.
All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.
The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) because it uses the library gray-matter to parse front matter content without disabling the JS engine.
All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function.
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.