35 matches found
ROS-20240730-01
A vulnerability in the freempimage function of the free media player Mplayer is related to writing outside of memory boundaries memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in free mpgetbits function of Mplayer media player is relate...
CVE-2024-3900 Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText...
CVE-2024-3900 Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText...
Staking functionality temporary blocking due to lack of address zero check
Lines of code Vulnerability details Impact Though lack of zero check issue for the addToBlacklist function is already at the automated findings output, I suppose it is necessary to show the importance of this check here. In case of accidental or malicious the BLACKLISTMANAGERROLE behavior the...
Missing Input Validation and Error Definition
Lines of code Vulnerability details Impact Missing Input Validation and Error Definition of globalSupplyIndex & globalBorrowIndex in L827-L844 & L865-L883 respectively of MultiRewardDistributor.sol could create complications as "sub" function of L844 & L883 would stop execution in cases of...
Derivative Pool Issue can Lead to Loss User Funds when Unstaking
Lines of code Vulnerability details Impact In all withdraw functions of derivatives, there is no check for sending zero Ether back to the safEth contract. It is important to note that the addressmsg.sender.callvalue: 0"" function returns true even when transferring a zero value. On the other hand...
lender variable in is not the same as constructory and method in the construcotr ther is no check for address zero
Lines of code Vulnerability details Impact lender variable not the same as constructory and method its no check for address zero Recommended Mitigation Steps check for address zero in the constructor --- The text was updated successfully, but these errors were encountered: š 1 KenzoAgada reacted...
user can pay alot of money with out getting his tokens
Lines of code Vulnerability details lockveasset function: lockveasset functoin should do some transfer but if that dosnt happen then user can can loose alot of money and if incentiveveasset is 0 because the check is 0 and if statment will not pass and the minting will not happen and your not goin...
DoS at CitadelMinter.sol
Lines of code Vulnerability details Impact At CitadelMinter.sol, Funding Pool Weight can't be set at the beginning since totalFundingPoolWeight value is not assigned and Zero meanwhile being cached to newTotalWeight. Hence the substraction will not perform as it will yield to a negative value whi...
CVE-2021-43572
The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-42390
Divide-by-zero in ClickHouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. JFrog Security Research Team...
Market whitelist does not work
Handle cmichel Vulnerability details The RCTreasury.marketWhitelistCheck function gets the marketWhitelistmsgSender variable and performs a special check if it's non-zero. However, there's no way to set the whitelist in the first place making this function unnecessary. Impact The market whitelist...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
Missing Zero Check
ImageMagick is vulnerable to missing zero check vulnerability. This vulnerability exist due to a missing check for 0 value of replaceextent. Ann attacker is able to trigger the vulnerability by a crafted input file...
UBUNTU-CVE-2020-27770
Due to a missing check for 0 value of replaceextent, it is possible for offset p to overflow in SubstituteString, causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to...