1433 matches found
Code Issue Vulnerability in Multiple Qualcomm Products
A Qualcomm chip is a chip from Qualcomm Incorporated, USA. Chips are a way to miniaturize circuits (mainly semiconductor devices, but also passive components) and are from time to time fabricated on the surface of semiconductor wafers. A code issue vulnerability exists in Qualcomm products that could...
gif2apng Buffer Error Vulnerability
gif2apng is a simple program that converts animations from GIF to APNG format. gif2apng suffers from a buffer overflow vulnerability that stems from an incorrect while loop in the product code, which can be exploited by an attacker to cause a buffer overflow...
Reward not transferred correctly
Handle: csanuragjain. Vulnerability details. Impact: Monetary loss for user. Proof of Concept: 1. Navigate to contract at 2. Let us see sendJoeReward function: function sendJoeReward(address rewardOwner, address to) internal // harvests all JOE that the WJLP contract is owed MasterChefJoe.withdraw(poolPid,...
Chain Sea Ai Chatbot System Code Issue Vulnerability
Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, a Chinese company. or execute arbitrary code to take control of the system or terminate the service...
Inability to de-op players if listed in ops.txt with non-lowercase letters
Impact Originally reported in iTXTech/Genisys1188 txt PotterHarry98 potterharry98 deop PotterHarry98 will remove potterharry98 from the ops.txt but not PotterHarry98. Operator permissions are checked using Config-exists with lowercase=true, which will result in a match:...
mruby Code Issue Vulnerability
mruby is a lightweight implementation of the Ruby language. mruby suffers from a denial-of-service vulnerability that stems from a null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service...
Veritas Enterprise Vault Code Issue Vulnerability (CNVD-2021-95591)
Veritas Enterprise Vault is an enterprise-grade file protection, archiving automation software from Veritas, USA. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and earlier versions, where Enterprise Vault application startup launches multiple services that listen for commands...
Possible price manipulation while adding liquidity to uniV3
Handle 0x421f Vulnerability details Right now if we see the code there are no checks before liq being added to check if pool is manipulated. Hence there rises possibility of sandwich attack vector here, more so with concentrated liq imo Could be done with flash loan or with own tokens Attack woul...
Smart Contract Bug Results in $31 Million Loss
A hacker stole $31 million from the blockchain company MonoX Finance by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX...
Zulip Code Issue Vulnerability
Zulip is a powerful open source group chat application from the Zulip team. It is used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip suffers from a code issue vulnerability that stems from improper design or implementation during the code...
Aom Buffer Error Vulnerability
Aom is a next-generation open-source digital media technology for everyone, organized by the Alliance For Open Media USA. A security vulnerability exists in AOM version 2.0.1, which stems from a segmentation violation in the component aomdsp/x86/obmcsadavx2.c. The vulnerability is caused by the...
Business-Dna Solution GmbH TopEase Code Issue Vulnerability
Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A code issue vulnerability exists in Business-Dna Solution GmbH TopEase, whic...
PortlandLabs Concrete Cms Code Issue Vulnerability
PortlandLabs Concrete Cms is a team-oriented open source content management system from PortlandLabs, Inc. PortlandLabs Concrete CMS has a code issue vulnerability that can be exploited by attackers in a private LAN and exploit local network appandb...
Amazon FreeRTOS Code Issue Vulnerability
A code issue vulnerability exists in Amazon FreeRTOS, an open source operating system for microcontrollers from Amazon.com, which stems from the product's failure to add valid permissions. An attacker could invoke the functions via non-kernel code through this vulnerability...
Identifier Withdrawn
Nim is a statically typed programming language from the Nim community. Nim has a code issue vulnerability that can be exploited by attackers to bypass checks and launch SSRF attacks using null bytes...
Design/Logic Flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...
Stack overflow
The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow...
Trend Micro Apex One Uncontrolled Search Path Element Vulnerability
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. Trend Micro Apex One suffers from a code issue vulnerability that stems from the application allowing the inclusion of libraries from the...
Incorrect usage of typecasting in burn lets an attacker corrupt the pool state
Handle broccoli Vulnerability details Impact In the burn function of ConcentratedLiquidityPool, when calling updatePosition, the amount of liquidity to burn is explicitly converted from uint128 to int128, which could result in a positive integer if amount is larger than 1 127 and less than 1 128...
Red Hat Jboss Enterprise Application Platform 7 Code Issue Vulnerability
Red Hat Jboss Enterprise Application Platform 7 (Red Hat Jboss Eap 7) is a middleware platform from Red Hat, USA, built on open standards and compatible with the Java EE 7 specification. A code issue vulnerability exists in Red Hat JBoss Enterprise Application Platform 7 Artemis that stems from the...