
1077 matches found

Positive Technologies
added 2022/04/26 12:0 a.m. · 4 views

PT-2022-9902 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: The issue occurs when a Precision Time Protocol PTP packet with an invalid Type-Length-Value TLV is received, causing the PTP agent to restart. Repeated restarts of the service will make...

7.5 CVSS · 7.4 AI score · 0.01003 EPSS
Exploits 1 · References 3
OSV
added 2022/04/21 9:15 p.m. · 2 views

CVE-2022-22558

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service...

6 CVSS · 6.7 AI score · 0.00206 EPSS
Exploits 0 · References 1
NVD
added 2022/04/21 9:15 p.m. · 14 views

CVE-2022-22558

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service...

6 CVSS · 0.00206 EPSS
Exploits 0 · References 1
Code423n4
added 2022/04/20 12:0 a.m. · 8 views

Economic calculation may not be precise enough

Lines of code Vulnerability details In Funding.sol, the assetDecimalsNormalizationValue is set to 10 asset.decimals, later it is used to determine how many token units there are per one asset token in human representation. Firstly, this may be highly dangerous as .decimals return value isn't sai...

6.7 AI score
Exploits 0
Code423n4
added 2022/04/20 12:0 a.m. · 6 views

Initial StakedCitadel deposit with amount=1 wei causes very expensive share price leading to precision errors and loss of funds

Lines of code Vulnerability details Impact The first depositor into StakedCitadel is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the StakedCitadel Citadel token balance. Following depositors will lose their...

6.7 AI score
Exploits 0
OSV
added 2022/04/14 8:15 p.m. · 2 views

CVE-2021-21947

Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. This heap-based...

8.8 CVSS · 7.7 AI score · 0.01037 EPSS
Exploits 1 · References 1
NVD
added 2022/04/14 8:15 p.m. · 15 views

CVE-2021-21946

Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. This heap-based...

9.8 CVSS · 0.01037 EPSS
Exploits 1 · References 1
CVE
added 2022/04/14 7:56 p.m. · 72 views

CVE-2021-21947

CVE-2021-21947 affects Accusoft ImageGear 19.10. The JPEG-JFIF lossless Huffman parser has two heap-based buffer overflow vulnerabilities triggered by loading JPEG data; the overflow occurs in the lossless path when SOF3 precision is >= 9 (and also discussed for precision

9.8 CVSS · 9 AI score · 0.01037 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/04/14 7:55 p.m. · 15 views

CVE-2021-21946

Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. This heap-based...

9.8 CVSS · 9.2 AI score · 0.01037 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/04/14 12:0 a.m. · 3 views

PT-2022-9210 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: Two heap-based buffer overflow issues exist in the JPEG-JFIF lossless Huffman image parser functionality. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a...

9.8 CVSS · 9.4 AI score · 0.01037 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/04/14 12:0 a.m. · 3 views

PT-2022-9209 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: Two heap-based buffer overflow issues exist in the JPEG-JFIF lossless Huffman image parser functionality. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a...

9.8 CVSS · 9.4 AI score · 0.01037 EPSS
Exploits 1 · References 3
Code423n4
added 2022/04/13 12:0 a.m. · 10 views

Initial yVault deposit with amount=1 wei causes very expensive share price leading to precision errors and loss of funds

Lines of code Vulnerability details Impact The first depositor into yVault is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the yVault token balance. Following depositors will lose their deposited funds due to...

6.8 AI score
Exploits 0
Code423n4
added 2022/04/07 12:0 a.m. · 5 views

requiredImprovementRate can not work as expected when previousInterestRate less than 10 due to precision loss

Lines of code Vulnerability details uint256 previousInterestRate = loan.perAnumInterestRate; uint256 previousDurationSeconds = loan.durationSeconds; requireinterestRate = previousDurationSeconds, 'NFTLoanFacilitator: duration too low'; requirepreviousLoanAmount requiredImprovementRate / SCALAR =...

6.8 AI score
Exploits 0
Code423n4
added 2022/04/02 12:0 a.m. · 6 views

Precision loss

Lines of code Vulnerability details Impact In line 729 of HolyPaladinToken.sol a huge precision loss occurs if dropDecreaseDuration is not a multiple of MONTH. In its current implementation dropDecreaseDuration / MONTH will get rounded down, which means that dropDecreaseDuration of 1 month and 29...

6.8 AI score
Exploits 0
Code423n4
added 2022/04/02 12:0 a.m. · 9 views

DropPerSecond is not updated homogeneously, the rewards emission can be much higher than expected in some cases

Lines of code Vulnerability details function updateDropPerSecond internal returns uint256 // If no more need for monthly updates = decrease duration is over ifblock.timestamp startDropTimestamp + dropDecreaseDuration // Set the current DropPerSecond as the end value // Plus allows to be updated i...

6.7 AI score
Exploits 0
ATTACKERKB
added 2022/03/31 12:0 a.m. · 4 views

CVE-2022-22558

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service...

6 CVSS · 6.5 AI score · 0.00206 EPSS
Exploits 0 · References 2
Code423n4
added 2022/03/16 12:0 a.m. · 9 views

Reward calculations can be rendered to zero due to the lack of precision

Lines of code Vulnerability details Impact On a combination of high enough token value and low enough decimals there can be not enough precision to store reward amount, which can be permanently hidden from a user as a result. I.e. on such a combination there will effectively be no rewards for some...

6.6 AI score
Exploits 0
Code423n4
added 2022/03/16 12:0 a.m. · 11 views

[WP-H17] Users will lose a majority or even all of the rewards when the amount of total shares is too large, due to precision loss

Lines of code Vulnerability details function getUpdatedAccTokenPerShareaddress baseToken public view returns uint256 uint256 accumulator = 0; uint256 lastUpdatedTime = poolInfobaseToken.lastRewardTime; uint256 counter = block.timestamp; uint256 i = rewardRateLogbaseToken.length - 1; while true if...

6.8 AI score
Exploits 0
Code423n4
added 2022/03/16 12:0 a.m. · 10 views

[WP-H8] Wrong formula for the fee to be added to the incentivePool

Lines of code Vulnerability details The protocol takes part of the fees to incentivize liquidity, which is recorded as incentivePooltokenAddress on LiquidityPool.sol. However, the formula used to calculate the updated amount of incentivePooltokenAddress in the current implementation is wrong...

6.7 AI score
Exploits 0
Code423n4
added 2022/03/16 12:0 a.m. · 8 views

LiquidityPool:getAmountToTransfer() has incorrect calculation due to incorrect bracket placement

Lines of code Vulnerability details Impact In the scenario where the transfer fee exceeds the equilibrium fee, the excess gets credited to the incentive pool. The incentive pool fee added is incentivePooltokenAddress = incentivePooltokenAddress + amount transferFeePerc -...

6.6 AI score
Exploits 0