1077 matches found
CVE-2021-28510
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable...
CVE-2021-28510
CVE-2021-28510 affects Arista EOS: a PTP management/signaling TLV with an invalid Type-Length-Value can cause the PTP agent to restart, leading to service unavailability. Affected EOS releases include 4.27.x (4.27.1 and earlier), 4.26.x (4.26.4 and earlier), 4.25.x (4.25.6 and earlier), and 4.24....
CVE-2021-28510 For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact ERC4626 vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept The first depositor of an ERC4626 vault can maliciously manipulate the share price by...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact The first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing the lowest possible amount (1 wei) of liquidity and then artificially inflating ERC4626.totalAssets. This can inflate the base share price as high as 1:1e18...
AI and Political Lobbying
Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails, college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes...
JumpRateModelV2 may return wrong values
Lines of code Vulnerability details JumpRateModelV2 may return wrong values Impact Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Vulnerability Details In general, this is a problem due to precision mostly if...
Brave Android 1.47.172 Security Fixes
Improved browser privacy by reducing high resolution timer precision as reported on HackerOne by joe12387. Improved URL bar by always displaying eTLD+1 URLs. Upgraded Chromium to 109.0.5414.87; refer to Google Chrome advisories for inherited CVEs...
TokenggAVAX.sol : First depositor can break minting of shares
Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...
[NAZ-M2] First ERC4626Upgradeable Deposit Exploit Can Break Share Calculation
Lines of code Vulnerability details Impact ERC4626Upgradeable is an upgradeable version of Solmate's ERC4626 Token. Solmate's convertToShares function follows the formula: assetDepositAmount * totalShareSupply / assetBalanceBeforeDeposit. The share price always returns 1:1 with asset token. If...
The vulnerability of the sec_store component in the Android operating system of Samsung devices with Qualcomm chipsets allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the sec_store component in the Android operating system on Samsung devices with Qualcomm chipsets (SDM660, MSM8998, SDM845, SM8150) arises from the loss of precision for a large number of operations. Exploiting this vulnerability allows an attacker to compromise the...
Truncate of values can be avoided
Lines of code Vulnerability details Truncate of values can be avoided Summary Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Details In general, this is a problem due to precision. In this case, it also affec...
First depositor can break Vault share distributions
Lines of code Vulnerability details The calculation of exchange rate for shares in PirexERC4626 Vault is done by dividing the total supply of shares by the totalAssets of the vault. The first depositor can mint a very small number of shares, then donate to the vault to manipulate the share price...
kernel: ptp: Fix possible memory leak in ptp_clock_register()
In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 size 8: comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 age 13.188s hex...
CVE-2022-42324
Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...
Divide before multiply
Lines of code Vulnerability details division before multiply Impact Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Proof of Concept In general, this is a problem due to precision. In this case, it also affect...
linuxptp bug fix update
An update is available for linuxptp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The linuxptp packages provide Precision Time Protocol (PTP) implementation for...
Divide before multiply affects precision
Lines of code Vulnerability details Divide before multiply affects precision Impact Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Details In general, this is a problem due to precision. In this case, it also...
divide-before-multiply in JBTiered721DelegateStore
Lines of code Vulnerability details Impact Performing multiplication before division can sometimes avoid loss of precision. The calculation of return numberReservedTokensMintable - reserveTokensMinted; results in granting a slightly higher value on each call. Proof of Concept Slither Command...