86 matches found
Netty 安全漏洞
Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in versions prior to Netty 4.1.108.Final, which stems from the "HttpPostRequestDecoder"...
PT-2024-2588
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.108.Final Description The issue is related to the HttpPostRequestDecoder in Netty, which can be tricked to accumulate data without limits. This can be achieved by sending a chunked post consisting of many small fiel...
ALSA-2024:0474 Moderate: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...
Moderate: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...
The creator does not receive additional ether - it accumulates on the contract
Lines of code Vulnerability details Impact In some cases, the ERC20TokenEmitter contract may accumulate residual ether that was not sent to the creator. The contract does not have a function to pick up the remaining ether. When a user wants to buy tokens, he sends ether to the...
Decimal Precision Issue in Price Calculations
Lines of code Vulnerability details Impact The getRSETHPrice function perform calculations like multiplying prices by amounts without considering the token decimals. This can cause errors to accumulate over multiple calculations. Ignoring token decimals when performing price calculations can caus...
Interest accumulation linked to state updates may leak value
Lines of code Vulnerability details Impact The protocol compounds interest on every call that updates the state. This is an intentional design choice. However, this does mean that the total return for the lender, and, conversely, the cost of debt for the borrower, can be influenced by the frequen...
CVE-2023-42794 Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened ...
_weight - voter.deductions can revert in underflow when counting the vote
Lines of code Vulnerability details Impact weight - voter.deductions can revert in underflow when counting the vote Proof of Concept In the current implementation, when a voting, the function countVote is triggered, this function is overriden in the function GovernorCountingOverridable.sol weight...
Whales can freeze all user funds
Lines of code Vulnerability details Impact Whales can freeze user funds by adding large amounts of a smaller token, while keeping collateral in other tokens. By accumulating interest in the small token, they will be able to call reduceReserves once the interest increased enough to match the cash...
SUSE CVE-2021-28677
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...
A Theoretical-Gaming Vulnerability
Lines of code Vulnerability details Impact There is a theoretical-gaming vulnerability in the project. Currently, users are able to set up a graph in which money should flow from one vertex to another. The user sets the split configuration on their account and there is a public function...
tokenBalanceOfAddress of nftOwner becomes permanently incorrect after arbRestake
Handle hyh Vulnerability details Impact Sucessfull arbRestake performs redeemShares for arbRewardShares amount to extract the arbitrager reward. This effectively reduces shares accounted for an NFT, but leaves untouched the addressShares of an nftOwner. As a result the tokenBalanceOfAddress...
Rewards accumaulated can stay constant and oftern not increment
Handle moose-code Vulnerability details Impact rewardsPerToken.accumulated can stay constant while rewardsPerToken.lastUpdated is continually updated, leading to no actual rewards being distributed. I.e. No rewards accumulate. Proof of Concept Line 115, rewardsPerToken.accumulated could stay...
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...
DEBIAN-CVE-2021-28677
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...
CVE-2018-16069
CVE-2018-16069 affects SwiftShader in Google Chrome/Chromium. The initial description ties the vulnerability to unintended floating-point error accumulation that could leak cross-origin data via a crafted HTML page. Several connected advisories corroborate that this CVE was addressed in Chromium ...
CVE-2018-1786
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSEWAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871...