280 matches found
UNSAFE CASTING CAN LEAD TO ERRONEOUS utility VALUE CALCULATION
Lines of code Vulnerability details Impact The EvolvingProteus.getUtility function is used to calculate the utility value of the pool at the time of the function call. The utility is calculated using a quadratic formula which is shown below: k(ab - 1)u^2 + (ay + bx)u + xy/k = 0 Above quadratic equati...
PROPOSAL DEADLINE IS NOT CHECKED DURING VOTE CASTING IN _countVote FUNCTION
Lines of code Vulnerability details Impact The SecurityCouncilNomineeElectionGovernorCountingUpgradeable is an abstract contract which is inherited by the SecurityCouncilNomineeElectionGovernor contract. The SecurityCouncilNomineeElectionGovernorCountingUpgradeable.countVote function is responsib...
Risk of silent overflow in rngComplete rewards cast
Lines of code Vulnerability details Impact The rngComplete function uses the rewards function from the RewardLib library to calculate the rewards that should be given. The rewards returned by the rewards function are of type uint256, but before proceeding to the reward transfer the call to...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS; it stems from incomplete access-permission checking in one of the interfaces of...
OESA-2023-1349 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200), including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
Integer Overflow
ImageMagick is vulnerable to Integer Overflow. The vulnerability exists due to improper casting of double to size_t, which allows an attacker to cause an application crash...
Misaligned pointer dereference in `ChunkId::new`
The function ChunkId::new creates a misaligned pointer by casting a mutable pointer to a u8 slice, which has alignment 1, to a mutable pointer to u32, which has alignment 4, and then dereferences the misaligned pointer, leading to UB, which should not be allowed in a safe function...
getPORFeedData() doesn't validate price feed answers (totalETHBalanceInInt and totalETHXSupplyInInt) before casting to uint256
Lines of code Vulnerability details Impact If a negative value (< 0) is returned from the Chainlink oracle and the value is cast to type uint256, the resulting value will be the unsigned representation of that value, which will be an inaccurate price. Also, cases where sdprice can't be less than 0 will...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability, which stems from a problem with stray permissions in Huawei VR screen casting; attackers can use the...
DEBIAN-CVE-2023-28162
While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
CVE-2023-28162
While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
CVE-2023-33764
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /de/casting/show/detail/...
CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in the svg, mvg and other coders (a recurrence of the bugs in CVE-2022-32546)...
DEBIAN-CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in the svg, mvg and other coders (a recurrence of the bugs in CVE-2022-32546)...
Design/Logic Flaw
A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in the svg, mvg and other coders (a recurrence of the bugs in CVE-2022-32546)...