569 matches found

Code423n4
added 2022/05/17 12:00 a.m., 9 views

TransmuterBuffer's _alchemistWithdraw use hard coded slippage that can lead to user losses

Vulnerability details: exchange - exchange - alchemistWithdraw is user funds utilizing call sequence and the slippage hard coded to 1% there can cause a range of issues. For example, if there is not enough shares, the number of shares to withdraw will be unconditionally reduced to th...

AI score: 7
Exploits: 0

Code423n4
added 2022/05/02 12:00 a.m., 9 views

ChainlinkInceptionPriceFeed can report stale price

Vulnerability details: As stale price is determined by time since last timestamp, the price that is most recent, but wasn't updated for more than PRICEORACLESTALETHRESHOLD (say, there were no trades on the market), will be rejected, which makes the system unavailable in such a case. This can...

AI score: 6.7
Exploits: 0

OSV
added 2022/04/12 6:15 p.m., 1 view

CVE-2022-23163

Dell PowerScale OneFS, 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00205
Exploits: 0, References: 1

ATTACKERKB
added 2022/04/12 5:15 p.m., 2 views

CVE-2022-27655

When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVSS: 6.5, AI score: 5.9, EPSS: 0.01072
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2022/04/12 5:15 p.m., 12 views

CVE-2022-26107

When a user opens a manipulated Jupiter Tessellation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVSS: 6.5, EPSS: 0.00945
Exploits: 0, References: 2

Cvelist
added 2022/04/12 4:11 p.m., 20 views

CVE-2022-27654

When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...

AI score: 6.7, EPSS: 0.01072
Exploits: 0, References: 2

Cvelist
added 2022/04/12 4:11 p.m., 11 views

CVE-2022-26108

When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...

AI score: 6.7, EPSS: 0.00847
Exploits: 0, References: 2

CNNVD
added 2022/04/12 12:00 a.m., 3 views

Dell Technologies Dell PowerScale OneFS Security Vulnerability

Dell PowerScale OneFS is a PowerScale OneFS operating system that provides scale-out NAS. Dell PowerScale OneFS has a security vulnerability that could be exploited by an attacker to cause a denial of service or data unavailability...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00205
Exploits: 0, References: 2

OSV
added 2022/03/18 11:18 p.m., 23 views

GHSA-JX8F-CPX7-FV47 Allocation of Resources Without Limits or Throttling in nvflare

Impact: NVIDIA FLARE contains a vulnerability in the Admin Interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may cause the system to become unavailable. All versions before 2.0.16 are affected. Patches: The patch will be included in nvflare==2.0.1...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01017
Exploits: 0, References: 3

ATTACKERKB
added 2022/03/17 9:15 p.m., 4 views

CVE-2022-21822

NVIDIA FLARE contains a vulnerability in the admin interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may cause the system to become unavailable...

CVSS: 7.8, AI score: 7.1, EPSS: 0.01017
Exploits: 0, References: 2

Prion
added 2022/03/17 9:15 p.m., 17 views

Design/Logic Flaw

NVIDIA FLARE contains a vulnerability in the admin interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may cause the system to become unavailable...

CVSS: 7.8, AI score: 7.4, EPSS: 0.01017
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2022/03/17 12:00 a.m., 2 views

NVIDIA FLARE Security Vulnerability

NVIDIA FLARE is an open source FL SDK from NVIDIA, Inc. that allows researchers and data scientists to adapt existing ML/DL workflows to a federated paradigm and enables platform developers to build secure, privacy-preserving products for distributed multi-party collaboration. A security...

CVSS: 7.8, AI score: 7.3, EPSS: 0.01017
Exploits: 0, References: 2

ATTACKERKB
added 2022/03/03 12:00 a.m., 8 views

CVE-2022-23163

Dell PowerScale OneFS, 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00205
Exploits: 0, References: 2

Prion
added 2022/02/09 11:15 p.m., 19 views

Format string

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE...

CVSS: 4.3, AI score: 6.3, EPSS: 0.01025
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2022/01/27 2:42 p.m., 13 views

GHSA-JRFJ-98QG-QJGV Denial of service in sidekiq

In api.rb in Sidekiq before 6.4.0 and 5.2.10, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...

CVSS: 7.5, AI score: 7.3, EPSS: 0.05258
Exploits: 1, References: 6

Prion
added 2022/01/21 9:15 p.m., 14 views

Code injection

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...

CVSS: 5, AI score: 7.3, EPSS: 0.05258
Exploits: 1, References: 5, Affected Software: 2

NVD
added 2021/12/29 8:15 a.m., 6 views

CVE-2021-44160

Cardinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the...

CVSS: 7.5, EPSS: 0.01066
Exploits: 0, References: 1

Microsoft CVE
added 2021/12/16 8:00 a.m., 2 views

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service which becomes unresponsive after this flaw is triggered.

...

CVSS: 5.5, AI score: 7.5, EPSS: 0.0045
Exploits: 0

NVD
added 2021/12/14 4:15 p.m., 19 views

CVE-2021-42069

When a user opens a manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVSS: 4.3, EPSS: 0.01021
Exploits: 0, References: 3

NVD
added 2021/11/15 4:15 p.m., 10 views

CVE-2021-41950

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...

CVSS: 9.1, EPSS: 0.74857
Exploits: 1, References: 2