378 matches found
Owner can extend coolDownPeriod to indefinitely - Improper Upper Bound Definition on the coolDownPeriod
Handle defsec Vulnerability details Impact The setCoolDownTime function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. User funds will be locked forever. Proof of Concept 1. Navigate to the following contract. function...
Improper Upper Bound Definition on the Fee
Handle Jujic Vulnerability details Impact The rJoePerSec does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. Proof of Concept function updateEmissionRateuint256 rJoePerSec external onlyOwner updatePool; rJoePerSec = rJoePerSec;...
Owner can set arbitrary premium which allow nonStakers drain funds
Handle wuwe1 Vulnerability details Impact Owner can set an arbitrary premium; this will cause the protocol to lose all the activeBalance, stakers to lose all the claimable premium, and nonStakers can drain all the usdc. Proof of Concept setProtocolPremium does not check the value of premium. premium can be...
anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +173 more potentially affected by CVE-2021-4118 via pytorch-lightning (>=0.10.0 <=1.5.9)
pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2021-4118 Source advisory: OSV:GHSA-2VJ5-PX25-GJRP...
PT-2021-8142 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an incorrect structure access in the Linux kernel's net component, specifically in the prestera module. This can cause invalid memory access for certain events,...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PT-2021-17910 · Suse · Suse
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when a guest is allowed to have close to 16TiB of memory. It may then issue hypercalls to increase its memory allocation beyond the...
Open-iSCSI: OOB read in checksum calculation in uIP
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c...
Apache Struts Remote Code Execution Vulnerability
Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and, at the same time, its upper package configuration has no or...
DIALink cross-site scripting vulnerability (CNVD-2021-84841)
DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...
GHSA-9697-98PF-4RW7 Heap OOB in `UpperBound` and `LowerBound`
Impact An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound: python import tensorflow as tf tf.raw_ops.UpperBound sorted_input=1,2,3, values=tf.constantvalue=0,0,0,1,1,1,2,2,2,dtype=tf.int64, out_type=tf.int64 The...
PYSEC-2021-292
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The implementation does not validate the rank of sorted_input...
PYSEC-2021-781
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The implementation does not validate the rank of sorted_input...
CVE-2021-37670
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The implementation does not validate the rank of sorted_input...
PYSEC-2021-583
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The implementation does not validate the rank of sorted_input...
PT-2021-21788 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can read from outside of bounds of heap allocated data by sending...
Google TensorFlow Buffer Error Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow "tf.raw_ops.UpperBound". An attacker could exploit this vulnerability to read data from outside the boundaries of the heap allocation data and use this information to laun...
SuiteCRM Log File Remote Code Execution
This module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a...
aiproteomics (=0.2.1), alpharing (>=1.0.0 <=2.0.0) +26 more potentially affected by CVE-2021-29532 via tensorflow-cpu (>=1.15.0 <=2.1.0)
tensorflow-cpu PYPI version =1.15.0, =1.0.0, =0.0.1, =1.0.0.4, =0.1.0, =0.2.3, =0.0.5, =0.1.2, =1.0.0, =1.8.2, =1.6.1, =1.8.3 - netfl =1.5.0 and more Source cves: CVE-2021-29532 Source advisory: OSV:GHSA-J47F-4232-HVV8...