
23 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-16585

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8.1 · EPSS 0.00127
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-28759

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.6 · EPSS 0.00079
Exploits 0 · References 2

Tenable Nessus
added 2025/02/05 12:0 a.m. · 12 views

Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-2023-6408)

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. This plugin only works with Tenable.ot...

CVSS 8.1 · AI score 7.2 · EPSS 0.00146
Exploits 0 · References 4

Positive Technologies
added 2025/01/13 12:0 a.m. · 3 views

PT-2025-4736 · Apache · Apache Cloudstack

The software that is vulnerable is Apache CloudStack, specifically versions from 4.16.0 onwards. The vulnerability is an access validation issue that allows unauthorized access to annotations, which can lead to potential loss of confidentiality of CloudStack environments and resources if the...

CVSS 4.3 · AI score 6.3 · EPSS 0.23075
Exploits 0 · References 13

CVE
added 2024/09/18 5:25 p.m. · 48 views

CVE-2024-46978

CVE-2024-46978 concerns XWiki Platform. Public documentation confirms a vulnerability where an attacker who knows another user’s notification filter ID can enable/disable or delete that filter, potentially causing the target to miss page notifications. Root cause: insufficient privilege checks wh...

CVSS 6.5 · AI score 6.3 · EPSS 0.00473
Exploits 1 · References 3 · Affected Software 1

Code423n4
added 2023/11/13 12:0 a.m. · 11 views

Multiple instances of reentrancy

Lines of code Vulnerability details Impact This can lead to massive loss of funds and asset in Nextgen. Proof of Concept There are multiple instances of reentrancy in NextGenCore.sol, MinterContract.sol and AuctionMemo.sol. These reentrancy is due to the use of ERC721 safeMint... for token transf...

AI score 7.1
Exploits 0

Tenable Nessus
added 2023/10/24 12:0 a.m. · 23 views

FreeBSD : OpenSSL -- potential loss of confidentiality (4a4712ae-7299-11ee-85eb-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a4712ae-7299-11ee-85eb-84a93843eb75 advisory. - SO-AND-SO reports: Moderate severity: A bug has been identified in the processing of key and...

CVSS 7.5 · AI score 6.6 · EPSS 0.06469
Exploits 0 · References 3

Tenable Nessus
added 2023/10/20 12:0 a.m. · 21 views

Festo Firmware Insufficient Technical Documentation (CVE-2022-3270)

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

CVSS 9.8 · AI score 7.4 · EPSS 0.00955
Exploits 0 · References 4

Code423n4
added 2023/06/05 12:0 a.m. · 7 views

Loss of user funds due to gas Limit set to zero on L2StandardBridge

Lines of code Vulnerability details Impact User loss of funds in the event a deposit fails. Proof of Concept In L2StandardBridge.finalizeDeposit, there exists an issue related to the gas limit setting. In the event of a failed transfer, it attempts to create a return transaction to refund the use...

AI score 7
Exploits 0

Code423n4
added 2023/05/04 12:0 a.m. · 8 views

High gas consumption vulnerability due to high merkle tree heights

Lines of code Vulnerability details Impact The issue stems from the utilization of tall trees in numerous merkle trees within the BeaconChainProofs library. This could lead to considerable gas consumption during the creation and verification of such trees. The consequence of this vulnerability is...

AI score 6.8
Exploits 0

Code423n4
added 2023/05/02 12:0 a.m. · 13 views

Upgraded Q -> 2 from #878 [1683053128185]

Judge has assessed an item in Issue 878 as 2 risk. The relevant finding follows: L-3 Potential loss of funds when paying royalties

AI score 6.9
Exploits 0

Code423n4
added 2023/03/20 12:0 a.m. · 11 views

Disabling self-transfer may cause integration issues with other protocols

Lines of code Vulnerability details Impact Integration errors with other protocols Proof of Concept The changes made for H-01 causes transfers to revert if from == to. This is problematic because this is non-standard ERC20 behavior that can cause integration risk/issues with other protocols. I...

AI score 6.7
Exploits 0

NVD
added 2023/01/11 8:15 a.m. · 15 views

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment...

CVSS 5.3 · AI score 5.4 · EPSS 0.00249
Exploits 0 · References 1

Prion
added 2023/01/11 8:15 a.m. · 29 views

Design/Logic Flaw

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment...

CVSS 5 · AI score 6 · EPSS 0.00249
Exploits 0 · References 1 · Affected Software 2

Code423n4
added 2022/07/14 12:0 a.m. · 5 views

Able to call withdrawContributions with any vaultId may lead to loss of funds

Lines of code Vulnerability details Impact The withdrawContributions function in Migration.sol takes any vault as input. As long as the vault is valid and has an inactive buyout, a user may call withdrawContributions even if the proposal they contributed to is LIVE. This may lead to users not bei...

AI score 6.7
Exploits 0

Code423n4
added 2022/06/18 12:0 a.m. · 11 views

YearnCurveVaultOperator's depositETH can leave the remainder ETH funds frozen and unaccounted for, then utilized by another caller

Lines of code Vulnerability details depositETH effectively do not control the utilization of input token and can freeze WETH input funds in native ETH form on the contract balance when Yearn pool doesn't perform liquidity addition for any reason. Due to presence of the additional WETH - ETH step,...

AI score 6.8
Exploits 0

Code423n4
added 2022/03/16 12:0 a.m. · 8 views

LiquidityPool:getAmountToTransfer() has incorrect calculation due to incorrect bracket placement

Lines of code Vulnerability details Impact In the scenario where the transfer fee exceeds the equilibrium fee, the excess gets credited to the incentive pool. The incentive pool fee added is incentivePooltokenAddress = incentivePooltokenAddress + amount transferFeePerc -...

AI score 6.6
Exploits 0

Code423n4
added 2021/12/12 12:0 a.m. · 6 views

Support of deflationary / rebasing tokens

Handle pauliax Vulnerability details Impact Deflationary fee on transfer / rebasing tokens are not supported. Because anyone can createPromotion with an arbitrary token, such tokens may be lost forever. Recommended Mitigation Steps Consider checking the actual amounts transferred balance...

AI score 7
Exploits 0

Cvelist
added 2021/11/16 6:18 p.m. · 16 views

CVE-2021-26327

Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality...

AI score 5.7 · EPSS 0.00129
Exploits 0 · References 1

NVD
added 2021/11/16 6:15 p.m. · 14 views

CVE-2021-26329

AMD System Management Unit SMU may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources...

CVSS 5.5 · EPSS 0.00122
Exploits 0 · References 1