Burn logic issue due to lack of checking parameter 0 in burnWithReserve function
Lines of code Vulnerability details Impact The token quantity is sent to 0 and then the token is internally burned, causing a logic problem. Proof of Concept 1. burnWithReserve - reservePPM = 0 2. calculateFreedAmount call - The result is scaled by the ratio of currentReserve and minterReserve...
Juniper Networks Junos OS code issue vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A code issue vulnerability exists in Juniper Networks Junos OS that stems from the fact that in a 6PE scenario, if...
Security Bulletin: Vulnerabilities in php53 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224)
Summary: IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in php53. Vulnerability Details: CVEID: CVE-2017-9227 Description:...
PT-2023-3155 · Totolink · Totolink X18
Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version 9.1.0cu.2024 B20220329 Description: The issue is related to a command injection vulnerability via the hostname parameter in the setOpModeCfg function. This vulnerability is associated with insufficient argument checking,...
FreeBSD : py-cryptography -- includes a vulnerable copy of OpenSSL (c1a8ed1c-2814-4260-82aa-9e37c83aac93)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c1a8ed1c-2814-4260-82aa-9e37c83aac93 advisory. - There is a type confusion vulnerability relating to X.400 address processing inside an X.509...
Jenkins Plugin Quay.io trigger security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
USN-6007-1: Linux kernel (GCP) vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
UNISOC Chipsets code issue vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking, which could lead to a local denial of service...
UNISOC Chipsets security vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking, which could lead to a local denial of service...
UNISOC Chipsets security vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking, which could lead to a local denial of service...
UNISOC Chipsets security vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking, which could lead to a local denial of service...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1788-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1788-1 advisory. - CVE-2023-22742: Verify ssh remote host keys bsc1207364 Tenable has extracted the preceding description...
MediaTek chip buffer error vulnerability
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from a lack of boundary checking, which may result in out-of-bounds writes...
MediaTek chip buffer error vulnerability
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from a lack of boundary checking, which may result in out-of-bounds writes...
MediaTek chip buffer error vulnerability
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from a lack of boundary checking, which could lead to out-of-bounds reads. An attacker could exploit this vulnerability to disclose local information. The...
MediaTek chip buffer error vulnerability
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips due to a lack of boundary checking, which may allow out-of-bounds writes...
MediaTek chip buffer error vulnerability
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from a lack of boundary checking, which may result in out-of-bounds writes...
MediaTek chip buffer error vulnerability
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from a lack of boundary checking and could lead to out-of-bounds writes. An attacker could exploit the vulnerability to escalate privileges. The following...
MediaTek chip buffer error vulnerability
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from a lack of boundary checking. The vulnerability can be exploited by an attacker to escalate privileges. The following products are affected: MT5221, MT678...
CVE-2023-1814
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...