200 matches found
Fee double counting for underwater positions
Handle hyh Vulnerability details Impact Actual available fees are less than recorded. That's because a part of them corresponds to underwater positions, and will not have the correct amount stored with the contract: when calculation happens the fee is recorded first, then there is a check for...
Missing _token.approve() to curvePool in setZapConfig
Handle WatchPug Vulnerability details function setZapConfig uint256 idx, address sett, address token, address curvePool, address withdrawToken, int128 withdrawTokenIndex external onlyGovernance; requiresett != address0; requiretoken != address0; require withdrawToken == addressWBTC || withdrawTok...
Basket.sol#mint() Malfunction due to extra nonReentrant modifier
Handle WatchPug Vulnerability details function mintuint256 amount public nonReentrant override mintToamount, msg.sender; function mintTouint256 amount, address to public nonReentrant override requireauction.auctionOngoing == false; The mint method is malfunction because of the extra nonReentrant...
ConcentratedLiquidityPool.burn() Wrong implementation
Handle WatchPug Vulnerability details The reserves should be updated once LP tokens are burned to match the actual total bento shares hold by the pool. However, the current implementation only updated reserves with the fees subtracted. Makes the reserve0 and reserve1 smaller than the current...
MGASA-2021-0411 Updated gpsd packages fix security vulnerability and other bugs
It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31. This update provides upstream version 3.23 that has this and several other upstream issues fixed. It also fixes issues that prevents it to start properl...
The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum arises from incorrect code generation. This allows attackers to trigger malfunctions during maintenance operations.
The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum is related to incorrect code generation. Exploiting this vulnerability could allow an attacker, operating remotely, to cause malfunctions in the system’s...
Gateway / AAA : Page stuck at loading (Page Spinning ) after upgrade.
After upgrade when accessing the Citrix Gateway the page is stuck at spinning wheel...
3Dconnexions Spacemouse Enterprise Display not working
When redirected using generic USB feature, 3DConnexions Spacemouse Enterprise: https://3dconnexion.com/de/product/spacemouse-enterprise is not 100% functional. TheVDA detects the device and the mouse joystick is working fine, But the screen on the device stays in the splash screen, instead...
GHSA-58QP-5328-V7MH cumulative-distribution-function Infinite Loop vulnerability
Impact Apps using this library on improper data may crash or go into an infinite-loop In the case of a nodejs server-app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted for prop...
Malicious Package
Overview All versions of http-proxy-middelware contain malicious code. The index.js file attempts to download a file from a remote server and execute it. The file is not run upon installation - the package needs to be required or the index.js run manually. The package contains a typo in its code...
Denial of Service Vulnerability in XINJE XL5E-16T
The XINJE XL5E-16T PLC Unit is a controller product of the Ethernet type series. A denial of service vulnerability exists in the XINJE XL5E-16T. An attacker can exploit this vulnerability to cause the device to not function properly...
Huawei smartphone data forgery issue vulnerability
Huawei Emui is an Android-based mobile operating system from China's Huawei Corporation.Honor Magic Ui is an Android-based mobile operating system from China's Honor Corporation. Huawei smartphones are vulnerable to a data forgery issue, successful exploitation of this vulnerability may result in...
SQLite report about CVE-2021-20223
The problem identified by this CVE is not a vulnerability. It is a malfunction. A coding error causes FTS5 to sometimes return inconsistent and incorrect results under obscure circumstances, but no memory errors occur. details...
SSL VPN : Intranet Applications connectivity break on port 3389 and port 22 after upgrade
After Update to 64.35 the SSL Client send TCP FIN ACK to the Server. This problem is not reported on 13.0.58.32, 13.0.61.48. There is no issue with accessing the Intranet Applications. 13.0.64.35, and 13.0.67.39, the connectivity to port 3389 and port 22 breaks...
The vulnerability of the Common Open Policy Service (COPS) service in the Cisco IOS XE operating system, exposed by Cisco cBR-8 gateways, allows a attacker to cause a malfunction in the device’s operation.
The vulnerability of the Common Open Policy Service COPS service in the Cisco IOS XE operating system, when exposed by Cisco cBR-8 broadband routers, is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause malfunctions in the device...
The vulnerability in the kernel of Cisco IOS XE access points and Catalyst devices allows a attacker to cause a malfunction in the device’s operation.
The vulnerability of the Polaris kernel in Cisco IOS XE access points and Cisco Catalyst devices is related to packet processing errors. Exploiting this vulnerability can allow an attacker to cause malfunctions in the device...
The vulnerability of the FreeRDP remote desktop protocol, caused by indexing errors, allows a hacker to trigger a service failure or a client-side malfunction, resulting in the absence or distortion of sound.
The vulnerability of the FreeRDP remote desktop protocol is caused by indexing errors. Exploiting this vulnerability allows a malicious actor to cause service failures or malfunctions in the client-side component, resulting in the absence or distortion of audio signals...
CVE-2020-8329
CVE-2020-8329 affects Lenovo Printer LJ4010DN firmware prior to 1.01. The vulnerability allows a remote attacker to send a crafted packet that triggers an error, causing a denial of service and rendering the printer inoperable until reboot. Impact is availability-related (DoS) with no confidentia...
CVE-2020-8474
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction...
CVE-2020-8474 ABB System 800xA Weak Registry Permissions
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction...