
3968 matches found

CVE
added 2021/11/12 10:5 p.m. · 47 views

CVE-2021-3719

CVE-2021-3719 concerns a vulnerability in the SMI callback that handles boot script tables for resuming from sleep state on Lenovo ThinkCentre and ThinkStation desktops/workstations. The issue could let an attacker with local access and elevated privileges execute arbitrary code by exploiting the...

7.2 CVSS · 6.7 AI score · 0.00037 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/11/12 10:5 p.m. · 13 views

CVE-2021-3719

A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code...

6.7 CVSS · 7 AI score · 0.00037 EPSS
Exploits 0 · References 1
Cvelist
added 2021/11/12 10:5 p.m. · 12 views

CVE-2021-3599

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code...

6.7 CVSS · 6.9 AI score · 0.00037 EPSS
Exploits 0 · References 1
NVD
added 2021/11/12 7:15 a.m. · 10 views

CVE-2021-30264

Possible use after free due to improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure a...

6.7 CVSS · 0.00048 EPSS
Exploits 0 · References 1
Prion
added 2021/11/12 7:15 a.m. · 15 views

Input validation

Possible use after free due to improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure a...

4.6 CVSS · 6.8 AI score · 0.00048 EPSS
Exploits 0 · References 1
Cvelist
added 2021/11/12 6:15 a.m. · 17 views

CVE-2021-30264

Possible use after free due to improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure a...

6.7 CVSS · 6.9 AI score · 0.00048 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/11/12 12:0 a.m. · 3 views

PT-2021-21565 · Lenovo · Lenovo Thinkstation +1

Name of the Vulnerable Software and Affected Versions: Lenovo ThinkCentre and ThinkStation models, affected versions not specified. Description: A potential issue in the SMI callback function that handles boot script tables for resuming from sleep state may allow an attacker with local access and...

7.2 CVSS · 6.7 AI score · 0.00037 EPSS
Exploits 0 · References 4
OSV
added 2021/11/05 3:15 p.m. · 2 views

CVE-2021-39412

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) serverside/scripts/idjsonp.php, (b) serverside/scripts/jsonp.php, and (c) scripts/objectsjsonp.php, the (2) value parameter in examplessupport/editableajax.php, and the (3) PHPSELF...

6.1 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits 0 · References 1
Cvelist
added 2021/11/05 2:43 p.m. · 13 views

CVE-2021-39412

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) serverside/scripts/idjsonp.php, (b) serverside/scripts/jsonp.php, and (c) scripts/objectsjsonp.php, the (2) value parameter in examplessupport/editableajax.php, and the (3) PHPSELF...

6.3 AI score · 0.0024 EPSS
Exploits 0 · References 1
CNNVD
added 2021/11/01 12:0 a.m. · 2 views

Resource Management Error Vulnerability in Multiple Qualcomm Products

The Qualcomm MDM9206 and others are products of Qualcomm Incorporated. The MDM9206 is a central processing unit (CPU) product. The MSM8996AU is a central processing unit (CPU) product. The QCA6574AU is a central processing unit (CPU) product. A resource management error vulnerability exists in multiple...

6.7 CVSS · 6.6 AI score · 0.00048 EPSS
Exploits 0 · References 5
OSV
added 2021/10/25 10:15 p.m. · 1 views

CVE-2021-38258

NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USBHostProcessCallback...

7.8 CVSS · 6.1 AI score
Exploits 0 · References 1
GithubExploit
added 2021/10/16 4:17 p.m. · 329 views

Exploit for Use After Free in Microsoft

CallbackHell Exploit for CVE-2021-40449 Win32k - LPE - Ca...

7.8 CVSS · 7.7 AI score · 0.91507 EPSS
Exploits 17
OSV
added 2021/10/12 4:30 p.m. · 25 views

GHSA-QF6Q-QFWP-VP44 Origin Validation Error in Magento 2

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefor...

8.1 CVSS · 8 AI score · 0.00169 EPSS
Exploits 5 · References 6
RedHat Linux
added 2021/10/12 4:12 p.m. · 64 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8 CVSS · 6.5 AI score · 0.00066 EPSS
Exploits 3 · References 5
Code423n4
added 2021/10/10 12:0 a.m. · 4 views

createBasket re-entrancy

Handle: pauliax. Vulnerability details. Impact: function createBasket in Factory should also be nonReentrant as it interacts with various tokens inside the loop and these tokens may contain callback hooks. Recommended Mitigation Steps: Add nonReentrant modifier to the declaration of createBasket. ---...

6.9 AI score
Exploits 0
Code423n4
added 2021/09/29 12:0 a.m. · 7 views

Funds in the pool could be stolen by exploiting flashSwap in HybridPool

Handle: broccoli. Vulnerability details. Impact: An attacker can call the bento.harvest function during the callback function of a flash swap of the HybridPool to reduce the number of input tokens that he has to pay to the pool, as long as there is any unrealized profit in the strategy contract of th...

6.8 AI score
Exploits 0
Code423n4
added 2021/09/29 12:0 a.m. · 6 views

Reentrancy in withdraw. Reentrancy guard is missing,

Handle: pants. Vulnerability details: Reentrancy problem in withdraw for any token with callback in transfer. There are multiple standards that allow that and therefore allows reentrancy attacks on your contract. line 115

7 AI score
Exploits 0
Code423n4
added 2021/09/29 12:0 a.m. · 6 views

IndexPool's flashswap transfer before callback

Handle: 0xsanson. Vulnerability details. Impact: The flashswap function in IndexPool.sol doesn't fulfill its function. Indeed it should transfer tokens to the users before they need to pay back, but the transfer happens at the end: ... ITridentCallee(msg.sender).tridentSwapCallback(context); // @dev Chec...

6.9 AI score
Exploits 0
Code423n4
added 2021/09/29 12:0 a.m. · 7 views

IndexPool's flashSwap does not transfer tokens before the callback

Handle: cmichel. Vulnerability details: The IndexPool.flashSwap function calls ITridentCallee(msg.sender).tridentSwapCallback(context) before transferring the tokens to the recipient via tranfer. Impact: It's very important that the tokens are transferred to the caller before the callback. The use-case o...

6.8 AI score
Exploits 0
OSV
added 2021/09/21 10:11 p.m. · 5 views

CLSA-2021-1632262269 Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160

ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcmmsghead - ELSCVE-705: CVE-2021-38160: virtioconsole: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x8632, entry: Do syscall exit work on badsys CVE-2014-4508 - ELSCVE-844: CVE-2021-3573: Bluetooth: use...

7.8 CVSS · 7 AI score · 0.00178 EPSS
Exploits 3 · References 1