14 matches found
EUVD-2014-1428
Malware in sbrugna...
MediaTek 芯片 安全漏洞
MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the MediaTek chips, which stems from an incorrect state checking issue in the DA module, which may allow privilege bypass...
MediaTek 芯片 安全漏洞
MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the MediaTek chips, which stems from an incorrect state check in the da module, which may result in an escalation of privileges...
MediaTek Chip Security Breach
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips due to an incorrect state check in the display module, which may result in an out-of-bounds read...
KUMAFeeCollector.changePayees() executes incorrectly when newPayees contains duplicate items
Lines of code Vulnerability details Impact When calling KUMAFeeCollector.changePayees with duplicate payees in newPayees, the call is not reverted and the result state will be incorrect. Proof of Concept Contract KUMAFeeCollector does not support duplicate payees. The transaction will revert when...
Information disclosure
In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the...
GHSA-HHC4-47RH-CR34 Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Impact A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Previously, the passed isstatic parameter was incorrect -- it was only set to true if the call comes...
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Impact A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Previously, the passed isstatic parameter was incorrect -- it was only set to true if the call comes...
CVE-2022-39354
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
SputnikVM 安全漏洞
SputnikVM is a Rust-based ethereum virtual machine implementation by rust-blockchain individual developers. A security vulnerability exists in SputnikVM versions prior to 0.36.0 that stems from passing the isstatic parameter is incorrect, an issue that could lead to incorrect state transitions...
CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
webkitgtk: Incorrect state management leading to universal cross-site scripting
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing...
WAGO PFC200 Access Control Error Vulnerability (CNVD-2019-46396)
The WAGO PFC200 is a programmable logic controller PLC from WAGO Germany. An access control error vulnerability exists in the WAGO PFC200. An attacker could exploit this vulnerability to cause a denial of service with the help of specially crafted packets to bring the device into an incorrect sta...
chromium-browser: Incorrect handling of promises in V8
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page...