876 matches found
CVE-2024-47613
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in gstgdkpixbufdecflush within gstgdkpixbufdec.c. This function invokes memcpy, using outpix as the destination address. outpix is expected to point to the fra...
CVE-2024-47613
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in gstgdkpixbufdecflush within gstgdkpixbufdec.c. This function invokes memcpy, using outpix as the destination address. outpix is expected to point to the fra...
CVE-2024-47607 GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gstopusdecparseheader function within gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If nchannels exceeds 64, the for loop will write beyond the...
CVE-2024-47607
CVE-2024-47607 affects GStreamer’s opus decoder (gst_opus_dec_parse_header in gstopusdec.c). A stack-allocated pos buffer of size 64 can overflow when n_channels > 64, causing writes beyond the buffer and potential control-flow corruption (overwriting the EIP). The issue is fixed in GStreamer ...
CVE-2024-47538 GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbishandleidentificationpacket function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd-vi.channels exceeds 64, the for loop will...
CVE-2024-47538
CVE-2024-47538 affects GStreamer’s vorbis handling in the Vorbis decoder. A stack-buffer overflow is triggered in the function vorbis_handle_identification_packet within gstvorbisdec.c: a stack-allocated position buffer of size 64 is overflowed when vd->vi.channels exceeds 64, writing the valu...
CVE-2024-9969
NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting XSS attack. The affected product is no longer maintained. It is recommended to upgrade to the...
CVE-2024-45166
An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service DoS attacks and possibly remote code execution...
CVE-2024-45166
An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service DoS attacks and possibly remote code execution...
Some tokens may revert when zero value transfers are made
Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...
Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs
Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...
Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs
Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...
Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs
Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...
Some tokens may revert when zero value transfers are made
Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...
Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs
Lines of code 230, 342, 514, 536 Vulnerability details Impact The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev...
Potential Incorrect Domain Separator Generation in _calculateDomainSeparator Function
Lines of code Vulnerability details The calculateDomainSeparator function generates the EIP-712 domain separator using the contract's name and version. However, there is no explicit guarantee that the name has been set before calling this function, leading to an unreliable domain separator. Impac...
EIP-2938 Breaks Whitelist Logic
Lines of code Vulnerability details Impact Unauthorized contracts can bypass whitelistedContractsmsg.sender due to EIP-2938. Proof of Concept In the function isEligibleSender it checks if msg.sender != tx.origin... but when EIP-2938 a.k.a Account Abstraction is fully implemented it will be possib...
executeOperation() doesn't pass/authenticate the initiator address
Lines of code Vulnerability details Impact In OptionsPositionManager.sol executeFlashloan. File: contracts/PositionManager/OptionsPositionManager.sol function executeOperation address calldata assets, uint256 calldata amounts, uint256 calldata premiums, address initiator, bytes calldata params...
Moxa MGate 5105-MB-EIP DestIP Command Injection Remote Code Execution (CVE-2020-8858)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from...
Inconsistent encoding of arrays in MetaTxLib
Lines of code Vulnerability details Bug Description According to the EIP-712 specification, arrays are encoded by concatenating its elements and passing the result to keccak256: The array values are encoded as the keccak256 hash of the concatenated encodeData of their contents i.e. the encoding o...