You can give address(0) _mint(), confused with _burn()

Lines of code Vulnerability details Impact You can give address0 mint, confused with burn Proof of Concept For example, the Initialize of AuctionCrowdfund does not determine whether initialContributor is 0, so the address0 can be Mint tokenid. //contracts/crowdfund/AuctionCrowdfund.sol function...

Remotely Controlling Touchscreens

This is more of a demonstration than a real-world vulnerability, but researchers can use electromagnetic interference to remotely control touchscreens. From a news article: Its important to note that the attack has a few key limitations. Firstly, the hackers need to know the targets phone passcod...

CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

EUVD-2022-38805

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

CVE-2022-0878

Electric Vehicle EV commonly utilises the Combined Charging System CCS for DC rapid charging. To exchange important messages such as the State of Charge SoC with the Electric Vehicle Supply Equipment EVSE CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY HPGP power-line...

Authorization

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data...

Nextcloud: Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious apps to communicate

Summary: Call to registerReceiver misses the broadcastPermission argument - no permissions will be checked for the broadcaster, which allows a malicious application to communicate with the broadcast receiver. Supporting Material/References: Screenshot Snyk report references to fixes in other repo...

Remotely Controlling Touchscreens

Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting: The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over...

Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference EMI to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from...

CVE-2022-29874

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device...

Code injection

A vulnerability has been identified in SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850...

Siemens SICAM T 安全漏洞

The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...

CVE-2022-29874

CVE-2022-29874 concerns Siemens SICAM P850/P855 devices (all versions prior to v3.0) that transmit web traffic in cleartext over HTTP. The root issue is cleartext transmission of sensitive information (CWE-319), allowing an unauthenticated attacker to capture traffic and potentially interfere wit...

CVE-2022-0878

Electric Vehicle EV commonly utilises the Combined Charging System CCS for DC rapid charging. To exchange important messages such as the State of Charge SoC with the Electric Vehicle Supply Equipment EVSE CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY HPGP power-line...

CVE-2022-0878

Electric Vehicle EV commonly utilises the Combined Charging System CCS for DC rapid charging. To exchange important messages such as the State of Charge SoC with the Electric Vehicle Supply Equipment EVSE CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY HPGP power-line...

Design/Logic Flaw

Electric Vehicle EV commonly utilises the Combined Charging System CCS for DC rapid charging. To exchange important messages such as the State of Charge SoC with the Electric Vehicle Supply Equipment EVSE CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY HPGP power-line...

CVE-2022-0878 Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service

Electric Vehicle EV commonly utilises the Combined Charging System CCS for DC rapid charging. To exchange important messages such as the State of Charge SoC with the Electric Vehicle Supply Equipment EVSE CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY HPGP power-line...

CVE-2022-0878

The CVE-2022-0878 issue describes a denial-of-service style disruption in CCS-based DC fast charging communications, where an attacker can use electromagnetic interference to wirelessly interrupt the high-bandwidth IP link over HomePlug Green PHY (HPGP) PLC. Exploitation can be performed from a d...

Combined Charging System 访问控制错误漏洞

Combined Charging System CCS is a combined charging system. The Combined Charging System CCS for DC suffers from a security vulnerability where an attack could use electromagnetic interference to wirelessly interrupt the necessary control communications between the vehicle and the charger from a...

CVE-2021-45104

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data...