ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()

...

Server Side Request Forgery

mobsf is vulnerable to Server Side Request Forgery. The vulnerability is due to a flaw in the firebase database check logic, allowing attackers to manipulate the server to make connections to internal-only services within the organization's infrastructure when a malicious app is uploaded to the...

Memory corruption in getBytes32FromBytes() can likely lead to loss of funds

Lines of code Vulnerability details Description The LibBytes library is used to read and store uint128 types compactly for Well functions. The function getBytes32FromBytes will fetch a specific index as bytes32. / @dev Read the ith 32-byte chunk from data. / function getBytes32FromBytesbytes memo...

the swapFrom() function allows the Fee On Transfer tokens and _setReserves doesn't revert

Lines of code Vulnerability details Impact the protocol supports the fee on transfer tokens and has implemented a special capable function for it and wants to not allow and revert the fee on transfer tokens in normal SwapFrom function as it says in comments of swapfrom function @dev MUST revert i...

An early check logic in StabilizerNode.stabilize prevents possible stabilization.

Lines of code Vulnerability details Impact An early check logic in StabilizerNode.stabilize prevents possible stabilization. Proof of Concept In StabilizerNode.stabilize, there is an early check logic for exchangeRate and auction state. If shouldAdjustSupply returns false, stabilize will end...

CVE-2022-28784

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic...

CVE-2022-28790

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic...

CVE-2022-28786

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic...

CVE-2022-28785

CVE-2022-28785 concerns an improper buffer size check in the aviextractor library prior to Samsung’s SMR May-2022 Release 1, enabling out-of-bounds reads and a potential temporary denial-of-service. Multiple connected sources (NVD, Red Hat advisory, CVE listings, Samsung SMR notes) confirm the is...

DoS at CitadelMinter.sol

Lines of code Vulnerability details Impact At CitadelMinter.sol, Funding Pool Weight can't be set at the beginning since totalFundingPoolWeight value is not assigned and Zero meanwhile being cached to newTotalWeight. Hence the substraction will not perform as it will yield to a negative value whi...

Input validation

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE...

Description of the security update for SharePoint Foundation 2013: October 10, 2017

Description of the security update for SharePoint Foundation 2013: October 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

Description of the security update for SharePoint Server 2013: October 10, 2017

Description of the security update for SharePoint Server 2013: October 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsof...