CVE-2022-34377

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service...

CVE-2022-34376

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM...

CVE-2022-34376

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM...

Input validation

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM...

Design/Logic Flaw

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service...

CVE-2022-34377

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service...

CVE-2022-34377

Dell PowerEdge BIOS and Dell Precision BIOS are affected by an Improper SMM communication buffer verification vulnerability. A local attacker with high privileges can potentially achieve arbitrary code execution or cause a denial of service by exploiting a flawed SMM buffer validation. The connec...

CVE-2022-34376

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM...

CVE-2022-34376

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM...

PT-2023-13369 · Dell · Dell Precision Bios +1

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge BIOS affected versions not specified Dell Precision BIOS affected versions not specified Description: The issue concerns an improper SMM communication buffer verification vulnerability. A local malicious user with high privileg...

PT-2023-13368 · Dell · Dell Precision Bios +1

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge BIOS affected versions not specified Dell Precision BIOS affected versions not specified Description: The issue is related to an improper input validation vulnerability. A local authenticated malicious user may potentially...

First deposit can break share calculation

Lines of code Vulnerability details Impact Vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept 147: shares = convertToSharesassets - feeShares; If feeShares = 0 the first depositor of Vault can...

ERC4626 vault shares can be maliciously inflated

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The price of ERC4626 vault shares can be maliciously inflated during the first deposit, leading to the loss of assets for next depositors Proof of Concept Provide direct links to all referenced code in...

First depositor can break minting of shares

Lines of code Vulnerability details Vulnerability details The calculation of exchange rate for shares in Popcorn Vault is done by dividing the total supply of shares by the totalAssets of the vault. The first depositor can mint a very small number of shares, then donate to the vault to manipulate...

XDR, the Beatles, and Blunt Instruments

Sometimes tools are blunt because there’s nothing else. Regarding economic controls for example, Fed Chair Jerome Powell said: “We have essentially interest rates, the balance sheet and forward guidance. They are famously blunt tools, they are not capable of surgical precision." Others are blunt...

DIVISION BEFORE MULTIPLICATION ERROR IN CALCULATING INTEREST CAN LEAD TO LARGER PRECISION LOSS

Lines of code Vulnerability details Impact There is a division before multiplication bug in accrueInterest method of Lendgine.sol which may result in loss of interest being accrued due to huge precision loss. There is same error in invariant method of Pair.sol as well which can cause larger...

Precision loss in the invariant function can lead to loss of funds

Lines of code Vulnerability details Impact An attacker can steal the funds without affecting the invariant. Proof of Concept We can say the function Pair.invariant is the heart of the protocol. All the malicious trades should be prevented by this function. Pair.sol 52: /// @inheritdoc IPair 53:...

Huawei EulerOS: Security Advisory for gmp (EulerOS-SA-2023-1255)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mitigation of H-02: See comments

Lines of code Vulnerability details The PR applies the recommended mitigation from the finding, but doesn't take into account the rounding issue identified in M-09 Impact If the price the NFT is bought for is not an exact multiple of the filledQuantities, there will be a loss of precision, and...

CVE-2021-28510

For certain systems running EOS, a Precision Time Protocol PTP packet of a management/signaling message with an invalid Type-Length-Value TLV causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable...