
1115 matches found

Cvelist
added 2023/02/03 12:0 a.m., 12 views

CVE-2022-47070

NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information...

7.8 AI score, 0.00111 EPSS
Exploits: 2, References: 2
Cvelist
added 2023/02/02 8:28 a.m., 23 views

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

5.4 AI score, 0.16213 EPSS
Exploits: 3, References: 1
Code423n4
added 2023/02/01 12:0 a.m., 6 views

Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer

Lines of code Vulnerability details Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer Summary Some tokens token1, token0, ... are used over the code that can be any kind of ERC20 token. If this token includes fees on transfer, some operations will...

7.2 AI score
Exploits: 0
OSV
added 2023/01/30 11:15 p.m., 2 views

CVE-2022-22732

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources data supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission Versions pri...

7.5 CVSS, 5.7 AI score, 0.00206 EPSS
Exploits: 0, References: 1
Prion
added 2023/01/30 11:15 p.m., 12 views

Design/Logic Flaw

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources data supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission Versions pri...

5 CVSS, 7.4 AI score, 0.00206 EPSS
Exploits: 0, References: 1, Affected Software: 1
Code423n4
added 2023/01/27 12:0 a.m., 7 views

sqrtDiscriminant can be calculated wrong

Lines of code Vulnerability details Impact Due to the wrong calculation of short and long tokens during the leverage and deleverage process, the users can suffer financial loss while the protocol will lose fees Proof of Concept The protocol uses leverage function to deposit short tokens and recei...

6.6 AI score
Exploits: 0
Code423n4
added 2023/01/26 12:0 a.m., 7 views

Upgraded Q -> M from #598 [1674741121008]

Judge has assessed an item in Issue 598 as M risk. The relevant finding follows: Low: 1.deposit check wrong variant function deposituint256 assets, address receiver public virtual returns uint256 shares requireshares minDepositAmount, "VALUETOOSMALL"; requireassets minDepositAmount,...

7 AI score
Exploits: 0
Code423n4
added 2023/01/17 12:0 a.m., 7 views

Admin account can lose user's collateral

Lines of code Vulnerability details Impact This is high risk because funds can be sent to the wrong address. Proof of Concept Tools Used VSCode, Slither Recommended Mitigation Steps Recommend considering the use of msg.sender in completeRedemptions and processRedemption

6.8 AI score
Exploits: 0
Wired Threat Level
added 2022/12/25 12:0 p.m., 19 views

Everyone Is Using Google Photos Wrong

Ever-expanding cloud storage presents more risks than you might think...

1.3 AI score
Exploits: 0
OSV
added 2022/12/22 8:15 p.m., 1 views

DEBIAN-CVE-2022-22748

Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

6.5 CVSS, 6.8 AI score, 0.00388 EPSS
Exploits: 1, References: 1
Code423n4
added 2022/12/19 12:0 a.m., 8 views

Bids are wrongly ordered when prices and quantities are equal.

Lines of code Vulnerability details Description In GroupBuy, when total amount of Raes is filled up with purchases, users start competing with higher price offers. Their bids are laid out in a min priority queue structure implemented in MinPriorityQueue.sol. The docs clearly state that when two...

7 AI score
Exploits: 0
Ubuntu
added 2022/12/12 10:32 p.m., 48 views

USN-5775-1: Vim vulnerabilities

It was discovered that Vim uses freed memory in recursive substitution of specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. CVE-2022-2345 It was discovered that Vim makes illegal memory calls when patterns start with an illegal byte. An...

7.8 CVSS, 7.8 AI score, 0.00109 EPSS
Exploits: 5
Cvelist
added 2022/12/12 1:50 a.m., 16 views

CVE-2022-2993 bt: host: Wrong key validation check

There is an error in the condition of the last if-statement in the function smpcheckkeys. It was rejecting current keys if all requirements were unmet...

8.6 CVSS, 9.8 AI score, 0.00481 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2022/11/21 8:44 p.m., 32 views

Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

Impact The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is different than the number of output...

8.1 CVSS, 8.1 AI score, 0.00225 EPSS
Exploits: 1, References: 5, Affected Software: 1
Code423n4
added 2022/11/21 12:0 a.m., 11 views

Upgraded Q -> M from #307 [1669043813221]

Judge has assessed an item in Issue 307 as M risk. The relevant finding follows: L-1. Wrong comparison sign Description The function swapAVAXForExactTokens will revert when msg.value amountsIn0 because amountsIn0 - msg.value will always cause underflow. Solidity version ^0.8.0 is used, so it will...

6.9 AI score
Exploits: 0
CNNVD
added 2022/11/21 12:0 a.m., 1 views

Beekeeper Studio Cross-Site Scripting Vulnerability

Beekeeper Studio is a cross-platform, open source SQL editor and database manager from Beekeeper Studio, Inc. It is available for Linux, Mac, and Windows. A security vulnerability exists in Beekeeper Studio version v3.6.6, which originates from an attacker who can inject a crafted payload into a...

9.6 CVSS, 8.5 AI score, 0.0065 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2022/11/15 1:20 p.m., 1 views

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

6.5 CVSS, 7.1 AI score, 0.00917 EPSS
Exploits: 1, References: 6
OSV
added 2022/11/14 6:48 p.m., 7 views

GSD-2022-1006906 dmaengine: qcom-adm: fix wrong sizeof config in slave_config

dmaengine: qcom-adm: fix wrong sizeof config in slave_config This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

7.2 AI score
Exploits: 0
Code423n4
added 2022/11/08 12:0 a.m., 5 views

Wrong bidIndex calculation

Lines of code Vulnerability details Impact Return wrong bidIndex Proof of Concept SizeSealed.sol Tools Used Manual Recommended Mitigation Steps uint256 bidIndex = a.bids.length - 1;

6.9 AI score
Exploits: 0
Code423n4
added 2022/11/08 12:0 a.m., 10 views

Attacker can drain the SizeSealed.sol contract.

Lines of code Vulnerability details Impact An attacker can drain the SizeSealed.sol contract by creating fake auction and manipulating some contract logic. POC Assuming that the SizeSealed.sol initially contains 10000 DAI tokens, I’ll demonstrate how an attacker can steal these tokens. The bug i...

6.6 AI score
Exploits: 0