PT-2023-12093 · Amd · 1St Gen Amd Epyc™ Processors +110

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace,...

Use the _assetTransferFrom function instead of _assetTransfer. This is because the tokens are held in the escrow contract, rather than being in the destination BYTES address, and thus require a transfer from the escrow contract to the recipient's address

Lines of code Vulnerability details Impact The msg.sender lose his stakedBytes From BYTES address not possible to send stakedBytes to msg.sender. The stakedBytes only help in escrow contract not in BYTES address. Proof of Concept function assetTransfer address asset, address to, uint256 amount...

INCORRECT FUNCTION CALLS

Lines of code Vulnerability details Impact In Vault.sol, WithdrawProxy.sol and PublicVault.sol, name is making an incorrect external call to return its output variable. Apparently, it is calling ERC20asset.symbol instead of ERC20asset.name. Devoid of an accurate name description, this could lead ...

GSD-2023-1001112 IB/mad: Don't call to function that might sleep while in atomic context

IB/mad: Don't call to function that might sleep while in atomic context This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...

PT-2023-33836 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue arises from a wrong function being called when vimc init fails. This problem was introduced in version v4.13 and is fixed in Linux Kernel version v6.0.16. Recommendations: For Linu...

Upgraded Q -> M from #323 [1668467355303]

Judge has assessed an item in Issue 323 as M risk. The relevant finding follows: L00: beforeTokenTransfer function called with wrong params in LBToken Line 237 seems to be a copy pasta mistake from line 209 in LBToken.sol. On line 237 when burning tokens, to should be zero, and amount of from's...

PicoC 缓冲区错误漏洞

PicoC is a lightweight C interpreter. A buffer overflow vulnerability exists in PicoC version 3.2.2, which stems from a boundary error in the StringStrncpy function in cstdlib/string.c when ExpressionParseFunctionCall is called while processing untrusted input. An attacker can exploit the...

PT-2022-27179 · Picoc · Picoc

Name of the Vulnerable Software and Affected Versions: PicoC version 3.2.2 Description: A heap buffer overflow was discovered in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall, which can lead to a potential issue. Recommendations: For PicoC version 3.2....

PA1D._payoutTokens() won't work for USDT and other inconsistent ERC20 tokens.

Lines of code Vulnerability details Impact Some ERC20 tokens USDT, BNB, OMG do not return a boolean on succesful transfer. Checking the returned value of transfer for these tokens will always fail. Proof of Concept Usage of ERC20 interface and require statement in PA1D.sol. Recommended Mitigation...

Unused return _launchProjectFor

Lines of code Vulnerability details Impact the function will push the return value on the stack, the caller will then adjust the stack frame accordingly, but won't copy the returned value from the stack into any variable. ignores return value by Proof of Concept The execution of the message call...

FUD-UUID-Shellcode - Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness

Introduction Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :. How it works Shellcode generation Firstly, generate a payload in binary format using either CobaltStrike or msfvenom for instance, in...

PT-2022-37214 · Git +1 · Wasmtime

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash was reported, with a segmentation fault occurring on an unknown address. The crash state is related to the cranelift filetests::function...

CVE-2022-2314 VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

WordPress VR Calendar plugin < 2.3.1 - Unauthenticated Arbitrary Function Call vulnerability

Unauthenticated Arbitrary Function Call vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress VR Calendar plugin versions 2.3.1. Solution Update the WordPress VR Calendar plugin to the latest available version at least 2.3.1...

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

Reentrancy for function call before state update

Lines of code Vulnerability details Impact An external call "transfer" is made before updating state data through "setFuses" and "setFuses" does not depend on any data from "transfer". . Proof of Concept Reentrancy is not only an effect of Ether transfer but of any function call on another...

grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload

This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a proto payload...

authRedeem in Marketplace.sol calls nonexistent function

Lines of code Vulnerability details Impact Complete loss of user funds Proof of Concept In L156 and L164 marketplace.sol makes an external call to swivel.authRedeem, but Swivel.sol doesn't contain any function by that name. When calling a nonexistent function in solidity, the call will simply...

IsWrappedFcash check is a gas bomb

Lines of code Vulnerability details Impact In the isWrappedFCash check, the notionalTradeModule check whether the component is a wrappedCash with the following logic. try IWrappedfCashfCashPosition.getDecodedID returnsuint16 currencyId, uint40 maturity try...

CVE-2022-0885

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...