
13470 matches found

Code423n4
added 2023/01/21 12:0 a.m. | 9 views

Out-of-Memory Exception in _performERC1155BatchTransfers Function Leading to Loss of Tokens.

Lines of code Vulnerability details Impact When the safeBatchTransferFrom function reverts, the code copies the revert data to memory in order to revert the transaction. However, the code does not properly handle memory allocation for this data, which could lead to an out-of-memory exception. If ...

AI score 6.9
Exploits: 0
NVD
added 2023/01/20 5:15 p.m. | 8 views

CVE-2022-43704

The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol udp/1024 commands interfacing directly with the target device. This, in turn, allows for...

CVSS 5.9 | AI score 5.9 | EPSS 0.01629
Exploits: 2 | References: 1
CNNVD
added 2023/01/20 12:0 a.m. | 2 views

rubygem-globalid Security Vulnerability

rubygem-globalid is an open source RubyGems application. A security vulnerability exists in rubygem-globalid. An attacker exploited the vulnerability to perform a regular expression denial of service attack...

CVSS 7.5 | AI score 6.7 | EPSS 0.01398
Exploits: 0 | References: 4
Cvelist
added 2023/01/19 6:54 p.m. | 20 views

CVE-2021-27782 HCL BigFix Mobile / Modern Client Management Server passwords are susceptible to a brute-force attack

HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts...

CVSS 5.4 | AI score 7.8 | EPSS 0.0019
Exploits: 0 | References: 1
HackRead
added 2023/01/19 12:12 p.m. | 15 views

Malicious PyPI Packages Drop Malware in New Supply Chain Attack

By Deeba Ahmed. These packages were uploaded between the 7th and 12th of January 2023 with the names "colorslib," "httpslib," and "libhttps." This is a post from HackRead.com. Read the original post: Malicious PyPI Packages Drop Malware in New Supply Chain Attack...

AI score 1.2
Exploits: 0
RedhatCVE
added 2023/01/19 10:4 a.m. | 25 views

CVE-2023-21876

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 4.8 | EPSS 0.0046
Exploits: 0 | References: 3
CVE
added 2023/01/19 1:38 a.m. | 110 views

CVE-2023-20058

Cisco Unified Intelligence Center is affected by a reflected XSS in its web-based management interface. The issue arises from inadequate input validation, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link, which could execute arbitrary script code in the int...

CVSS 6.1 | AI score 6 | EPSS 0.00676
Exploits: 0 | References: 1 | Affected Software: 4
Code423n4
added 2023/01/19 12:0 a.m. | 11 views

LienToken: Lender and liquidator can collude to block auction and seize collateral

Lines of code Vulnerability details If a lender offers a loan denominated in an ERC20 token that blocks transfers to certain addresses for example, the USDT and USDC blocklist, they may collude with a liquidator or act as the liquidator themselves to prevent loan payments, block all bids in the...

AI score 6.7
Exploits: 0
CNVD
added 2023/01/18 12:0 a.m. | 23 views

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-05220)

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the dashboard rendering to adequately clean up the content of the Markdown component, which could be exploited b...

CVSS 5.4 | AI score 3.1 | EPSS 0.01497
Exploits: 0 | References: 1
OSV
added 2023/01/17 9:15 p.m. | 13 views

CVE-2023-23637

IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modifyonto request to the ontology builder. This may allow attackers to steal Protected Health Information...

CVSS 7.6 | AI score 5.5
Exploits: 0 | References: 3
OSV
added 2023/01/17 7:30 p.m. | 7 views

GSD-2023-1001565 wifi: ath9k: verify the expected usb_endpoints are present

wifi: ath9k: verify the expected usb_endpoints are present. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:29 p.m. | 18 views

GSD-2023-1001542 pnode: terminate at peers of source

pnode: terminate at peers of source. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit cad0d17fb2b0540180ab59e2cd48ad348cc1ee4c,...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:24 p.m. | 9 views

GSD-2023-1001507 perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()

perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:20 p.m. | 5 views

GSD-2023-1001468 media: solo6x10: fix possible memory leak in solo_sysfs_init()

media: solo6x10: fix possible memory leak in solo_sysfs_init(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:18 p.m. | 7 views

GSD-2023-1001457 wifi: iwlwifi: mvm: fix double free on tx path.

wifi: iwlwifi: mvm: fix double free on tx path. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:17 p.m. | 8 views

GSD-2023-1001450 ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt

ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:12 p.m. | 9 views

GSD-2023-1001408 scsi: snic: Fix possible UAF in snic_tgt_create()

scsi: snic: Fix possible UAF in snic_tgt_create(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:5 p.m. | 14 views

GSD-2023-1001361 net: stream: purge sk_error_queue in sk_stream_kill_queues()

net: stream: purge sk_error_queue in sk_stream_kill_queues(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:4 p.m. | 6 views

GSD-2023-1001335 drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback

drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 7:2 p.m. | 10 views

GSD-2023-1001306 nvme-pci: fix mempool alloc size

nvme-pci: fix mempool alloc size. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit dfb6d54893d544151e7f480bc44cfe7823f5ad23, i...

AI score 7.2
Exploits: 0