CVE-2021-4145

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is dereferenced in mirrorwaitonconflicts without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on t...

CVE-2021-4145

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is dereferenced in mirrorwaitonconflicts without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on t...

Juniper Networks Junos OS 资源管理错误漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A resource management error vulnerability exists in Juniper Networks Junos OS, which arises from a resource allocation err...

GHSA-GP6J-VX54-5PMF Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme

Summary In the threshold signature scheme, participants start by dividing secrets into shares using a secret sharing scheme. The Verifiable Secret Sharing scheme generates shares from the user’s IDs but does not properly validate them. Using a malicious ID will make other users reveal their secre...

Extension voting threshold check needs to rerun on each transfer

Handle cmichel Vulnerability details The Extension contract correctly reduces votes from the from address of a transfer and adds it to the to address of the transfer in case both of them voted on it before, but it does not rerun the voting logic in voteOnExtension that actually grants the...

Security Bulletin: This Power System update is being released to address CVE-2018-5391

Summary POWER9: In response to a denial of service vulnerability, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-5391. A remote attacker could use large IP frames to trigger time and calculation expensive calls in the...

Unable to remove liquidity in Recovery Mode

Handle gzeon Vulnerability details Impact According to When the Malt price TWAP drops below a specified threshold eg 2% below peg then the protocol will revert any transaction that tries to remove Malt from the AMM pool ie buying Malt or removing liquidity. Users wanting to remove liquidity can...

stabilize() is vulnerable to flashloan sandwich attack

Handle WatchPug Vulnerability details When the price of Malt is off the lowerThreshold and upperThreshold, StabilizerNode.sol will market buy/sell Malt. However, since the market sell can be triggered by anyone, and there is no slippage control, it makes it vulnerable to flashloan sandwich attack...

CVE-2021-37471

Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...

WrappedIbbtcEth contract will use stalled price for mint/burn if updatePricePerShare wasn't run properly

Handle hyh Vulnerability details Impact Malicious user can monitor SetPricePerShare event and, if it was run long enough time ago and market moved, but, since there were no SetPricePerShare fired, the contract's pricePerShare is outdated, so a user can mint with pricePerShare that is current for...

UniswapV2TokenAdapter does not support Sushiswap-only assets

Handle cmichel Vulnerability details The UniswapV2TokenAdapter.supports function calls its aboveLiquidity function which returns the UniswapV2 liquidity if the pair exists. If this is below minimumLiquidity, the supports function will return false. However, it could be that the Sushiswap pair has...

CVE-2021-41105

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated...

PT-2021-23092 · Unknown +1 · Freeswitch +1

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.7 Description: The issue allows remote attackers to terminate calls by flooding a media port handling SRTP traffic with specially crafted SRTP packets, leading to denial of service. This can be done...

Moderate: Red Hat Security Advisory: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.8]

An update for cockpit-ovirt, ovirt-host, ovirt-hosted-engine-ha, ovirt-hosted-engine-setup, and vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

Lack of sufficient power check in updateValset of Gravity

Handle shw Vulnerability details Impact The updateValset function does not check whether the new valset has sufficient power to pass a vote see the constructor for more details. If the new valset does not, any function calling checkValidatorSignatures will be disabled since the transaction revert...

cumulativePower check should be inclusive

Handle pauliax Vulnerability details Impact Based on my understanding cumulativePower checks should be inclusive to indicate when the threshold is met. Otherwise, there might be impossible to reach it in certain cases e.g. when 100% power is required. Replace '' with '=' in constructor and functi...

DEBIAN-CVE-2021-39261

A crafted NTFS image can cause a heap-based buffer overflow in ntfscompressedpwrite in NTFS-3G 2021.8.22...

AZL-6749 CVE-2021-33286 affecting package ntfs-3g for versions less than 2021.8.22-1

In NTFS-3G versions 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution...

Missing initialization checks and setters for critical parameters of maxExitFee and maxTimelockDuration

Handle 0xRajeev Vulnerability details Impact maxExitFee and maxTimelockDuration are critical parameters that impact the UX and prize rewards for users. They are initialized once in initialize without any sanity/threshold checks and also lack any setters for modifying their values later in case of...

Missing threshold check on critical protection mechanism minRentalDayDivisor

Handle 0xRajeev Vulnerability details Impact Minimum rental duration is acknowledged as one of the two critical protection mechanisms for the market functioning. The setMinRental is called from the constructor with 246 which sets the minimum duration to 10 minutes. However, a threshold check is...