964 matches found
GHSA-JQWC-C49R-4W2X Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Impact Wasmtime's implementation of the SIMD proposal for WebAssembly on x8664 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the i8x16.swizzle and select WebAssembly...
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Impact Wasmtime's implementation of the SIMD proposal for WebAssembly on x8664 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the i8x16.swizzle and select WebAssembly...
Basket NFT have no name and symbol
Lines of code Vulnerability details Impact The Basket contract is intended to be used behind a proxy. But the ERC721 implementation used is not upgradeable, and its constructor is called at deployment time on the implementation. So all proxies will have a void name and symbol, breaking all...
CVE-2020-11722
Dungeon Crawl Stone Soup aka DCSS or crawl before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file...
IBM Java 7.0 < 7.0.10.45 / 7.1 < 7.1.4.45 / 8.0 < 8.0.5.35
The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.45 / 7.1 7.1.4.45 / 8.0 8.0.5.35. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update April 2019 advisory. - In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
UBUNTU-CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
Design/Logic Flaw
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
CVE-2021-41041
CVE-2021-41041 affects Eclipse OpenJ9 (Java VM) prior to 0.32.0. When bytecode verification is triggered by a MethodHandle invocation, the exception raised during verification may not be thrown, allowing unverified methods to be invoked via MethodHandles. This creates a potential for untrusted co...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
Eclipse OpenJ9 安全漏洞
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse Openj9 versions prior to 0.32.0 that stems from Java 8 & 11's inability to throw an exception caught during bytecode validati...
PT-2022-11360 · Eclipse +4 · Eclipse Openj9 +4
Name of the Vulnerable Software and Affected Versions: Eclipse Openj9 versions prior to 0.32.0 Description: The issue arises when Java 8 and 11 fail to throw an exception captured during bytecode verification triggered by a MethodHandle invocation. This allows unverified methods to be invoked usi...
Buffer Overflow in vyper
Impact Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Patches 0.3.2 as of https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b Workarounds Use .vy...
Buffer overflow
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
CVE-2022-24788 Buffer overflow in Vyper
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
CVE-2022-24788 Buffer overflow in Vyper
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
Wasmtime Resource Management Error Vulnerability
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. a resource management error vulnerability exists in Wasmtime, which stems from the fact that when running Wasm with externrefs and epoch interrupts are enabled in Wasmtime, a use after...
DoS: Attacker May Front-Run CoreFactory.createProject() Or CoreFactory.addCollection() With A collection.id Causing Future Transactions With The Same collection.id to Revert
Lines of code Vulnerability details Impact A collection.id may only be used once in CoreFactory.createCollection since the the contract is deployed using the create2 opcode with a repeated salt and contract bytecode will fail to deploy a contract. Furthermore, the modifier onlyAvailableCollection...