1439 matches found

Code423n4
added 2022/12/19 12:0 a.m., 15 views

A malicious early user/attacker can manipulate the lpToken's pricePerShare to take an unfair share of future users' deposits

Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...

6.7 AI score
Exploits: 0

Code423n4
added 2022/12/16 12:0 a.m., 2 views

Unreleased locks cause the reward distribution to be flawed in BondNFT

Lines of code Vulnerability details Impact After a lock has expired, it doesn't get any rewards distributed to it. But, unreleased locks cause other existing bonds to not receive the full amount of tokens either. The issue is that as long as the bond is not released, the totalShares value isn't...

6.6 AI score
Exploits: 0

Vulnrichment
added 2022/12/15 12:0 a.m., 3 views

CVE-2022-42859

Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences...

4.9 AI score, 0.00325 EPSS
Exploits: 0, References: 6

CNNVD
added 2022/12/13 12:0 a.m., 4 views

Linux kernel code issue vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A code issue vulnerability exists in the Linux kernel that stems from a null pointer dereference due to a failure to check the return value of uapifinalize...

5.5 CVSS, 6.7 AI score, 0.00214 EPSS
Exploits: 0, References: 6

CNNVD
added 2022/12/13 12:0 a.m., 5 views

Linux kernel code issue vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A code issue vulnerability exists in the Linux kernel that stems from an unchecked kvmallocarray return that causes a null pointer dereference...

5.5 CVSS, 6.7 AI score, 0.00214 EPSS
Exploits: 0, References: 6

Code423n4
added 2022/12/12 12:0 a.m., 7 views

Pool creator can manipulate the price whatever they want

Lines of code Vulnerability details Impact Pool creator can manipulate the price however they want; a user who is not aware of this may swap at a suboptimal price. Proof of Concept When a pool is created using the factory, the creator needs to supply a few parameters: function createuint256 fee, uint2...

6.9 AI score
Exploits: 0

OSV
added 2022/12/01 12:0 a.m., 3 views

PUB-A-233230674

In SAEMMMiningCodecTableWithMsgIE of SAEMMRadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

4.9 CVSS, 6.4 AI score, 0.00795 EPSS
Exploits: 0, References: 1

CNNVD
added 2022/11/28 12:0 a.m., 4 views

Purchase Order Management System code issue vulnerability

Purchase Order Management System is a Purchase Order Management System by Carlo Montero Personal Developer. A code issue vulnerability exists in Purchase Order Management System v1.0, which was discovered via /purchaseorder/admin/?page=systeminfo contains a file upload vulnerability...

9.8 CVSS, 8.5 AI score, 0.01057 EPSS
Exploits: 1, References: 2

Code423n4
added 2022/11/28 12:0 a.m., 8 views

Uint underflow issue

Lines of code Vulnerability details Impact Potential underflow if shares is greater than totalSupply Proof of Concept Tools Used Manual review Recommended Mitigation Steps Before the following line, check if totalSupply is greater or equal to shares --- The text was updated successfully, but thes...

6.9 AI score
Exploits: 0

Code423n4
added 2022/11/18 12:0 a.m., 8 views

Variable claimed its being resetting instead of adding

Lines of code Vulnerability details Impact The variable claimed, which keeps track of the total amount claimed per user per token, is being reset with a wrong value. This impacts the due calculation on SyndicateRewardsProcessor.solL61 uint256 due = accumulatedETHPerLPShare...

6.7 AI score
Exploits: 0

Code423n4
added 2022/11/14 12:0 a.m., 9 views

Susceptible to reorg attack

Lines of code Vulnerability details Impact When reorg happens, it is possible that the cancelled order by the taker be executed by the maker. Proof of Concept Suppose userA is seller and userB is buyer, seller is maker, and buyer is taker. After some time, userB the buyer cancels the order by...

7 AI score
Exploits: 0

CNNVD
added 2022/11/13 12:0 a.m., 2 views

NagVis code issue vulnerability

NagVis is a program from NagVis Open Source. Used to visualize your chosen monitoring core data in a user-friendly way. A code issue vulnerability exists in NagVis 1.9.33 and earlier versions, which stems from an affected function checkAuthCookie in the file...

8.1 CVSS, 6.3 AI score, 0.01007 EPSS
Exploits: 1, References: 7

Vulnrichment
added 2022/11/09 5:35 p.m., 5 views

CVE-2022-29888

A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...

6.5 CVSS, 8.1 AI score, 0.01487 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2022/11/09 5:35 p.m., 6 views

CVE-2022-28689

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

6.5 CVSS, 8.8 AI score, 0.00905 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2022/11/09 5:35 p.m., 7 views

CVE-2022-26023

A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...

6.5 CVSS, 6.5 AI score, 0.00771 EPSS
Exploits: 1, References: 2

Code423n4
added 2022/11/08 12:0 a.m., 8 views

Seller can stole users assets by create and then cancel the auction

Lines of code Vulnerability details Impact Seller can steal users' assets by creating and cancelling an auction Proof of Concept Seller can create an auction, then wait for people to participate in auction bidding; finally the seller cancels the auction and gets the users' assets. This scenario can happen wit...

6.8 AI score
Exploits: 0

CNNVD
added 2022/10/28 12:0 a.m., 3 views

Canteen Management System code issue vulnerability

Canteen Management System is a cafeteria management system by Mayuri K. Individual developer. Canteen Management System version 1.0 has a code issue vulnerability that originates from /youthappam/phpaction/editProductImage.php which is vulnerable to arbitrary file uploads...

7.2 CVSS, 7.3 AI score, 0.0095 EPSS
Exploits: 1, References: 3

Talos
added 2022/10/27 12:0 a.m., 86 views

InHand Networks InRouter302 console nvram leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1518 InHand Networks InRouter302 console nvram leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-29481 SUMMARY A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A...

6.5 CVSS, 6.2 AI score, 0.00765 EPSS
Exploits: 1

Talos
added 2022/10/27 12:0 a.m., 49 views

InHand Networks InRouter302 console verify leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1520 InHand Networks InRouter302 console verify leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-26023 SUMMARY A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A...

6.5 CVSS, 6.9 AI score, 0.00771 EPSS
Exploits: 1

CNNVD
added 2022/10/27 12:0 a.m., 3 views

InHand Networks InRouter302 security vulnerability

The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console support feature...

8.8 CVSS, 7 AI score, 0.00905 EPSS
Exploits: 0, References: 4