Huawei EulerOS: Security Advisory for gmp (EulerOS-SA-2022-1253)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[WP-H1] The value of LP token can be manipulated by the first minister, which allows the attacker to dilute future liquidity providers' shares

Handle WatchPug Vulnerability details For the first minter of an Exchange pool, the ratio of X/Y and the totalSupply of the LP token can be manipulated. A sophisticated attacker can mint and burn all of the LP tokens but 1 Wei, and then artificially create a situation of rebasing up by transferri...

[WP-H27] IndexTemplate.sol#compensate() will most certainly fail

Handle WatchPug Vulnerability details Root Cause Precision loss while converting between the amount of shares and the amount of underlying tokens back and forth is not handled properly. uint256 shortage; if totalLiquidity amount //Insolvency case shortage = amount - value; uint256 cds =...

CVE-2021-41577: MITM to RCE in EVGA Precision X1

The post CVE-2021-41577: MITM to RCE in EVGA Precision X1 appeared first on Rhino Security Labs...

EVGA Precision XOC has an unspecified vulnerability

EVGA Precision XOC is EVGA's This software allows you to fine-tune your NVIDIA graphics card to maximize cooling and performance. A security vulnerability exists in EVGA Precision XOC, which can be exploited by attackers to access sensitive components and data...

CVE-2020-22057

The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data...

CVE-2020-22057

The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data...

Design/Logic Flaw

The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data...

CVE-2020-22057

CVE-2020-22057 affects EVGA Precision XOC v6.2.7, where WinRin0x64.sys and WinRing0.sys low-level drivers are configured with the default security descriptor, enabling network-adjacent attackers to access sensitive components and data. Root cause is insecure access control on privileged drivers; ...

CVE-2020-22057

The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data...

EVGA Precision XOC 安全漏洞

EVGA Precision XOC is EVGA's This software allows you to fine-tune your NVIDIA graphics card to maximize cooling and performance. A security vulnerability exists in EVGA Precision XOC, which can be exploited by attackers to access sensitive components and data...

Lost fees due to precision loss in fees calculation

Handle kenzo Vulnerability details In fees calculation, division is being used in the midst of the calculation, not at the end of it. This leads to lost precision in fee amount as solidity doesn't save remainder of division. Division should happen at the end to maintain precision. Impact Lost fee...

YearnVault.sol#pull() will most certainly fail

Handle WatchPug Vulnerability details for uint256 i = 0; i balance yTokenAmount = balance; if yTokenAmount == 0 continue; yToken.withdrawyTokenAmount, to, maxLoss; tokenAmountsi, addressthis; actualTokenAmounts = tokenAmounts; The actual token withdrew from yToken.withdraw will most certainly be...

SUSE SLED12 / SLES12 Security Update : gmp (SUSE-SU-2021:3878-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3878-1 advisory. - GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow vi...

CVE-2021-28706

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may...

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input leading to a segmentation fault on 32-bit platforms.

...

YaxisVaultAdapter.sol#withdraw() will most certainly fail

Handle WatchPug Vulnerability details The actual token withdrawn from vault.withdraw will most certainly less than the amount, due to precision loss in tokensToShares and vault.withdraw. As a result, IDetailedERC20token.safeTransferrecipient, amount will revert due to insufficant balance. Based o...

CVE-2021-43618

GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

ALPINE-CVE-2021-43618

GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

CVE-2021-43618

CVE-2021-43618 affects GMP up to version 6.2.1. The issue is an integer overflow in mpz/inp_raw.c that can cause a buffer overflow, leading to a segmentation fault on 32‑bit platforms. Public advisories in multiple distributions confirm a patched release is available (e.g., GMP 6.2.1-2 and newer;...