The vulnerability of the sdhci.c component of the hardware emulation software QEMU, which allows a hacker to trigger a service failure.

The vulnerability of the sdhci.c component of the QEMU hardware emulator is related to a single-shift error. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

OESA-2023-1464 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few...

OESA-2023-1465 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few...

CVE-2023-2685

CVE-2023-2685 affects AO-OPC server prior to version 3.2.1. The vulnerability stems from an unquoted directory path for the service entry, which could allow an attacker to start another application via the AO-OPC service, potentially running with system privileges. Exploitation is considered loca...

SUSE-SU-2023:2834-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver bsc1212842. - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated...

Incorrect Bitwise Shift Operation in _validateCall Function

Lines of code Vulnerability details Impact Let's break down this part of the function: if returnedData.length 32 || bytes28bytes32returnedData 32 != bytes280 revert LSP20InvalidMagicValuepostCall, returnedData; This if statement is intended to do two things, as indicated by the two conditions...

Pump is not updated in shift function

Lines of code Vulnerability details Impact According to comments in Well contract, updatePumps function "Fetches the current token reserves of the Well and updates the Pumps. Typically called before an operation that modifies the Well's reserves." In functions like swap, add/remove liquidity...

A malicious user can steal a reserved token by using shift() function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens.

Lines of code Vulnerability details Impact A malicious user can steal a reserved token by using shift function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens. Proof of Concept Let's assume the well with WETH and USDC tokens. Currently totalSupply is zer...

Anyone can call Well.sol shift() function and withdraw Contract's extra ERC20 tokens whichever this contract is holding . From Well's contract balance, extra tokens for shifting, calculated amountOut for passed tokenOut token can be withdrawn by attacker.

Lines of code Vulnerability details Impact Whichever type of ERC20 token Well contract is holding it can loose all extra tokens of all types in an amount whatever is the difference reservesj -calcReservewellFunction, reserves, j, totalSupply comes for tokenOut token passed by attacker. Attacker c...

Well.shift could suffer from front-running attack

Lines of code Vulnerability details Impact The usage of Well.shift is described in the comment: 2. Using a router with shift: WETH.transfersender=0xUSER, recipient=Well1 1 Call the router, which performs: Well1.shifttokenOut=DAI, recipient=Well2 DAI.transfersender=Well1, recipient=Well2 2...

Implementation of Well shift() function allows attackers to completely manipulate the oracles

Lines of code Vulnerability details Description The TWAP mechanism relies on measurements sent to the oracle at various points in time. Before reserve counts change, the TWAP is sent the last reserve counts, which are multiplied by the time passed and added to the accumulator. In MultiFlowPump, i...

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

CVE-2023-29424

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Plainware ShiftController Employee Shift Scheduling plugin = 4.9.23 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Plainware ShiftController Employee Shift Scheduling plugin = 4.9.23 versions...

WordPress Plugin ShiftController Employee Shift Scheduling 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2023-3161

A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing font-width and font-height greater than 32 to fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service...

WordPress Plugin ShiftController Employee Shift Scheduling 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Amazon Linux 2 : OpenEXR (ALAS-2023-2078)

The version of OpenEXR installed on the remote host is prior to 1.7.1-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2078 advisory. A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by...

kernel: net: stmmac: fix dma queue left shift overflow issue

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...

Photo Gallery by Ays < 5.1.7 - Reflected XSS

The plugin does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open one of the URLs below v 5.1.7 -...