The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact…
Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.