165 matches found
CVE-2021-40055
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity...
CVE-2021-40055
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity...
Design/Logic Flaw
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity...
CVE-2021-40055
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity...
CVE-2021-40055
CVE-2021-40055 describes a man-in-the-middle attack vulnerability during system update download in recovery mode that can compromise integrity. Connected records corroborate this as a MITM issue affecting Huawei EMUI and Magic UI (Android-based). The NVD details indicate impact to integrity (I) a...
CVE-2021-40045
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2021-40045
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality...
Privilege escalation
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2021-40045
CVE-2021-40045 concerns Huawei HarmonyOS (Wearables recovery upgrade system) where the signature verification mechanism can fail during system upgrade in recovery mode. The underlying vulnerability is a signature verification failure that can affect confidentiality of service. The NVD entry notes...
Unable to remove liquidity in Recovery Mode
Handle gzeon Vulnerability details Impact According to When the Malt price TWAP drops below a specified threshold eg 2% below peg then the protocol will revert any transaction that tries to remove Malt from the AMM pool ie buying Malt or removing liquidity. Users wanting to remove liquidity can...
GHSA-XH2P-7P87-FHGH Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
TCR is temporarily miscalculated in the batchLiquidateTroves function during Recovery Mode. The bug lies in batchLiquidateTroves of TroveManager. When calculating system's entire collateral, we should also exclude the liquidated trove's surplus collateral, since liquidation closes the trove and...
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
TCR is temporarily miscalculated in the batchLiquidateTroves function during Recovery Mode. The bug lies in batchLiquidateTroves of TroveManager. When calculating system's entire collateral, we should also exclude the liquidated trove's surplus collateral, since liquidation closes the trove and...
libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
...
DEBIAN-CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
ALPINE-CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
UBUNTU-CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. It is due to a NULL pointer dereference when post-validating mix content parsed in recovery mode...
PT-2021-4589
Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.11 Description The issue is related to the libxml2 library's parser component, which fails to propagate errors when parsing XML content. This can be exploited by a remote attacker using a specially crafted XML...