
271 matches found

Code423n4
added 2023/12/08 12:0 a.m. · 7 views

Potential Gas and Overflow Issues with Decimal Shift Left in _convertDecimals Function

Lines of code Vulnerability details Impact The exponentiation operation in the decimal shift left scenario can lead to high gas consumption and potential integer overflow. The gas cost and risk of overflow increase with the value of the exponent, which could make the function expensive or even...

7.4 AI score
Exploits: 0
GithubExploit
added 2023/10/24 6:32 p.m. · 710 views

Exploit for Improper Access Control in Pnpm

pnpm vs npm exploit This repo showcases how a difference...

9.8 CVSS · 8.6 AI score · 0.00933 EPSS
Exploits: 1
Positive Technologies
added 2023/10/10 12:0 a.m. · 4 views

PT-2023-8944 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.12 MediaWiki versions 1.36.x through 1.39.x before 1.39.5 MediaWiki versions 1.40.x before 1.40.1 Description: An issue was discovered in DifferenceEngine.php, where the diff-multi-sameuser feature ignores...

9.8 CVSS · 5.9 AI score · 0.22699 EPSS
Exploits: 27 · References: 120
UbuntuCve
added 2023/09/29 12:0 a.m. · 38 views

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS · 7.3 AI score · 0.34401 EPSS
Exploits: 3 · References: 15
Citrix
added 2023/09/04 12:0 a.m. · 7 views

Difference between vhd and vhdx

What's the difference between vhd and vhdx?...

7.2 AI score
Exploits: 0
NVD
added 2023/08/28 1:15 p.m. · 17 views

CVE-2023-40758

User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

9.8 CVSS · 9.4 AI score · 0.00746 EPSS
Exploits: 0 · References: 2
Oracle linux
added 2023/05/15 12:0 a.m. · 57 views

bind security and bug fix update

32:9.16.23-11 - Correct backport issue in statistics rendering fix 2126912 32:9.16.23-10 - Handle subtle difference between upstream and rhel CVE-2022-3094 32:9.16.23-9 - Prevent flooding with UPDATE requests CVE-2022-3094 - Handle RRSIG queries when server-stale is active CVE-2022-3736 - Fix cra...

7.5 CVSS · 7 AI score · 0.5017 EPSS
Exploits: 0
RedHat Linux
added 2023/05/09 11:39 a.m. · 45 views

Important: Red Hat Security Advisory: pcs security and bug fix update

An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8 CVSS · 6.5 AI score · 0.0183 EPSS
Exploits: 0 · References: 7
CNNVD
added 2023/04/26 12:0 a.m. · 3 views

Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT (Internet of Things) devices. A security vulnerability exists in Contiki-NG version 4.8 and prior versions, which stems from the Antelope database management system that triggers a difference-one error...

9.8 CVSS · 7.3 AI score · 0.00638 EPSS
Exploits: 0 · References: 3
Citrix
added 2023/04/24 12:0 a.m. · 140 views

PVS boot time message "Attempting to set IP address on Boot NIC.......complete after 51s."

Target devices show a boot time message "Attempting to set IP address on Boot NIC.......complete after 51s." This message was not observed in earlier versions of PVS target device software like PVS 1912...

7 AI score
Exploits: 0
CNVD
added 2023/04/16 12:0 a.m. · 15 views

Siemens Mendix Forgot Password Module Information Disclosure Vulnerability

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in the Siemens Mendix Forgot Password module. The vulnerability stems from the fact that the...

5.3 CVSS · 6 AI score · 0.00458 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/04/11 12:0 a.m. · 21 views

Siemens Mendix Security Vulnerability

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in the Siemens Mendix Forgot Password module. The vulnerability stems from the fact that the...

5.3 CVSS · 6.1 AI score · 0.00458 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 5:44 a.m. · 4 views

SUSE CVE-2012-5248

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK...

10 CVSS · 8.4 AI score · 0.07273 EPSS
Exploits: 0 · References: 7
SUSE CVE
added 2023/02/15 4:54 a.m. · 1 views

SUSE CVE-2016-9910

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...

6.1 CVSS · 6.2 AI score · 0.02141 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:48 a.m. · 1 views

SUSE CVE-2017-6965

readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow...

5.5 CVSS · 7.2 AI score · 0.01163 EPSS
Exploits: 1 · References: 10
CNNVD
added 2023/02/13 12:0 a.m. · 3 views

GPAC Security Vulnerability

GPAC is an open source multimedia framework. A security vulnerability exists in versions prior to GPAC v2.3.0-DEV, which stems from a difference-one error...

7.1 CVSS · 6.8 AI score · 0.00399 EPSS
Exploits: 1 · References: 5
CNNVD
added 2023/01/18 12:0 a.m. · 2 views

jopenid Security Vulnerability

jopenid is an open source component. A security vulnerability exists in jopenid. An attacker exploits the vulnerability to cause a noticeable time difference...

7.5 CVSS · 5.5 AI score · 0.00879 EPSS
Exploits: 0 · References: 5
CNNVD
added 2022/12/28 12:0 a.m. · 5 views

Red Hat OpenShift Security Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift OSIN that stems from an incorrect manipulation of the secret parameter resulting ...

5.9 CVSS · 4.9 AI score · 0.00676 EPSS
Exploits: 0 · References: 6
Code423n4
added 2022/12/19 12:0 a.m. · 8 views

Protocol's fractional token assumes that each NFT in a collection has the same value

Lines of code Vulnerability details Impact User can cheat the system by wrapping getting fractional tokens a low value NFT and unwrapping a high value NFT selling the same fractional tokens. Pair creator might lose out. Proof of Concept Pair.wrap takes in an array of tokenIds and an array of...

6.7 AI score
Exploits: 0
Code423n4
added 2022/10/30 12:0 a.m. · 11 views

Reuse of previous voting difference in extendPledge() charges too much fees

Lines of code Vulnerability details Description In Warden Pledge, creators can extend the life span of an existing pledge using extendPledge. Here's the implementation: uint256 addedDuration = newEndTimestamp - oldEndTimestamp; ifaddedDuration maxTotalRewardAmount revert...

6.6 AI score
Exploits: 0