Malicious pausing the contract

Lines of code Vulnerability details Vulnerability details Description There is a function createAuction in Auction contract. It consist the following logic: /// @dev Creates an auction for the next token function createAuction private // Get the next token available for bidding try token.mint...

GPAC 缓冲区错误漏洞

GPAC is an open source multimedia framework. A security vulnerability exists in versions prior to GPAC 2.1.0-DEV, which can be exploited by an attacker to cause a buffer over-read...

PT-2022-20622 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an Improper Neutralization of Null Byte, which could be exploited by a local authenticated administrator user. This exploitation could occur by sending unexpected...

USE SAME SYMBOL CAN GET FAKED PRICE OF TOKEN

Lines of code Vulnerability details Impact it compare symbol to identify token，it can be exploit to produce fake price of token. Proof of Concept attacker can create a token which is like cToken and has symbol of cNOTE .When somebody call comptroller’s liquidateCalculateSeizeTokens ，it will give ...

Cognex 3D-A1000 Dimensioning System

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Cognex Equipment: 3D-A1000 Dimensioning System Vulnerabilities: Missing Authentication for Critical Function, Improper Output Neutralization for Logs, Client-side Enforcement of Server-side Security 2...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.3)

The version of AOS installed on the remote host is prior to 5.11.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.3 advisory. - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver...

CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

Session fixation

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

CVE-2022-26330

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting XSS. This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions...

Sensormatic Electronics iSTAR

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls Inc. Equipment: iSTAR Ultra Vulnerability: Command Injection 2. RISK EVALUATION An unauthenticated user could use a malicious request to run...

PTC Kepware KEPServerEX (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KEPServerEX Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVE-2022-0217

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...

CVE-2021-23172

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash...

CVE-2021-23172

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash...

CVE-2022-31151

A flaw was found in the undici package. After cookie headers are set, they are not cleared. This issue could allow an attacker to take advantage of this cookie, which could be used to control the redirection target. Mitigation By default, this vulnerability is not exploitable. In order to make su...

CVE-2021-43309

An exponential ReDoS Regular Expression Denial of Service can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method...

CVE-2022-38664

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...

Delta Industrial Automation DIALink

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: Delta Industrial Automation DIALink Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the...

Ropr - A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative

ropr is a blazing fast multithreaded ROP Gadget finder What is a ROP Gadget? ROP Return Oriented Programming Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which already exist as executable code within each binary or library. These gadgets may be...