1271 matches found
Missing receive() or fallback() payable function as native token is expected from WETH
Vulnerability details: a receive or fallback payable function is missing in the current implementation of wfCashERC4626, so calling WETH.withdraw will revert: `WETH.withdraw(depositAmountExternal);` As a result, mintInternal when isETH == true will revert.
GHSA-27MX-GCHC-6XJP Unhandled crash in npm posix
This affects all versions of package posix. When invoking the toString method, it will fall back to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check...
CVE-2022-21211
This affects all versions of package posix. When invoking the toString method, it will fall back to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check...
posix security vulnerability
posix is a portable operating system interface. A security vulnerability exists in all versions of posix, which stems from a call to the toString method that falls back to the value 0x0 and can be exploited by an attacker to conduct a DoS attack...
transfer is used for transferring ether
Originally submitted by warden pauliax in 173, duplicate of 52. .transfer is used for transferring ether, e.g.: `payable(to).transfer(amount); payable(msg.sender).transfer(amount);` It is currently not recommended as recipients with custom fallback functions (smart contracts) will not be able to handle that...
CEther.doTransferOut() May Revert Because .transfer() Uses A Fixed Amount Of Gas
Impact: The .transfer function intends to transfer an ETH amount with a fixed amount of 2300 gas. This function is not equipped to handle changes in the underlying .send and .transfer functions which may supply different amounts of gas in the future. Additionall...
The vulnerability of the put_epel_hv_fallback function in the h.265 Libde265 implementation allows a perpetrator to trigger a service failure.
The vulnerability of the put_epel_hv_fallback function in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created file...
The vulnerability of the put_qpel_fallback function in the h.265 Libde265 implementation allows a perpetrator to trigger a service failure.
The vulnerability of the put_qpel_fallback function in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created file...
libde265 1.0.8 was discovered to contain a heap-buffer-overflow in put_epel_16_fallback (fallback-motion.cc)
Description: libde265 1.0.8 was discovered to contain a heap-buffer-overflow in put_epel_16_fallback (fallback-motion.cc). ENV - Version: 1.0.8 - Commit: 45904e5667c5bf59c67fcdc586dfba110832894c - OS: Ubuntu 18.04 - Configure: cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_CXX_COMPILER=clang++-10...
The vulnerability of the put_qpel_0_0_fallback_16 function in the h.265 Libde265 implementation allows an attacker to trigger a service failure.
The vulnerability of the put_qpel_0_0_fallback_16 function in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created file...
The vulnerability of the `put_weighted_bipred_16_fallback` function in the h.265 Libde265 implementation allows a perpetrator to trigger a service failure.
The vulnerability of the put_weighted_bipred_16_fallback function in the h.265 Libde265 implementation is related to writing outside the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created file...
CVE-2022-0653
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...
Profile Builder < 3.6.2 - Reflected Cross-Site Scripting
The plugin does not properly sanitise and escape the siteurl parameter before outputting it back in an href attribute, leading to a Reflected Cross-Site Scripting issue...
PT-2022-7271 · Libde265 +3 · Libde265 +3
Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to a heap-buffer-overflow vulnerability in the put_qpel_0_0_fallback_16 function, located in fallback-motion.cc, which is part of the Libde265 video codec implementation. This...
PT-2022-7270 · Libde265 +3 · Libde265 +3
Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to a heap-buffer-overflow vulnerability via the put_epel_hv_fallback function in fallback-motion.cc. This allows attackers to cause a Denial of Service (DoS) via a crafted video file. The...
L2Migrator calls wrong function on bondingManager
Handle harleythedog Vulnerability details Impact In L2Migrator, the function bondFor calls the function "bondForWithHint" on the bondingManager. This function does not exist anywhere in the protocol: the correct function name is simply "bondWithHint". This is a run-time issue the contracts will...
GHSA-7W54-GP8X-F33M Potential exposure of tokens to an Unauthorized Actor
Impact When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so...
CVE-2022-21671
@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...
CVE-2022-21671 Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis
@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...
PT-2022-15025 · Replit · @Replit/Crosis
Name of the Vulnerable Software and Affected Versions: @replit/crosis versions prior to 7.3.1 Description: A vulnerability exists that involves exposure of sensitive information. When using the library to communicate with Replit in a standalone fashion, if there are multiple failed attempts to...