Attackers might be able to avoid calling reference modules when creating publications
Lines of code Vulnerability details Bug Description When comment(), mirror or quote() is called on a publication with a reference module, the reference module will be called. For example, when a user mirrors another publication with a reference module, the processMirror() function of that...
6.8AI Score
Malicious user can create an harmful proposal and execute it by setting a very low quorum .
Lines of code Vulnerability details Impact Malicious user can create an harmful proposal and execute it by setting a very low quorum . Which can lead to very bad consequences . Proof of Concept When creating a proposal, quorum is calculation logic looks like this : // get the quorum...
6.9AI Score
_getSelector does not return the right selector
Lines of code Vulnerability details Impact _getSelector(...) function in the CoreVoting.sol will NEVER return the correct function selector of a calldata string. This can lead to malfunction in the system when creating a proposal. Proof of Concept The function selector is suppose to be the hash...
6.7AI Score
Xwiki is prone to a code injection...
9CVSS
9AI Score
0.004EPSS
Multisig's functionality is impaired when Signers#threshold is 1
Lines of code https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/cgp/auth/MultisigBase.sol#L44-L77 https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/cgp/auth/MultisigBase.sol#L159-L161...
6.8AI Score
Allowed calls in LSP6KeyManager doesn't allow calls with empty calldata
Lines of code Vulnerability details Bug Description Whenever a controller attempts to call a LSP0 account's execute() function without the relevant SUPER permissions, LSP6ExecuteModule will check that the call is one of the whitelisted allowed calls. If the controller is trying to perform a call...
6.7AI Score
Incorrect Interface ID for LSP0
Lines of code Vulnerability details Impact The interface ID stated for LSP0 in LSP0Constants.sol and LIP-0 is 0x3e89ad98, which will affect related logics. Proof of Concept According to LIP-0, this ID is derived from the XOR of the following: selector of batchCalls() IDs of the following...
6.8AI Score
A Storage Write Removal Bug in contracts
Lines of code Vulnerability details Summary In _fallbackLSP17Extendable(), Calling functions that conditionally terminate the external EVM call using the assembly statements return(...) may result in incorrect removals of prior storage writes. Impact In LSP17Extendable.sol,...
6.8AI Score
Using supportsERC165InterfaceUnchecked() might break LSP functionality for certain contracts
Lines of code Vulnerability details Bug Description Throughout the codebase, the protocol uses the supportsERC165InterfaceUnchecked() function from Openzeppelin's ERC165Checker.sol to check for the support of ERC-165 interface IDs. However, supportsERC165InterfaceUnchecked() only checks if the...
6.9AI Score
user with ADDEXTENSIONS and CHANGEEXTENSIONS will remove extension unintentional
Lines of code Vulnerability details Summary Adding extension use 4 bytes function selector to add new extension, and if user with ADDEXTENSIONS permission also has CHANGEEXTENSIONS permission and wants to add new extension and there is an extension with that function selector, extension will be...
6.7AI Score
8.8CVSS
7AI Score
0.002EPSS
Debian DLA-3493-1 : symfony - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3493 advisory. Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without...
8.8CVSS
7.1AI Score
0.002EPSS
[SECURITY] [DLA 3493-1] symfony security update
Debian LTS Advisory DLA-3493-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 11, 2023 https://wiki.debian.org/LTS Package : symfony Version : 3.4.22+dfsg-2+deb10u2 CVE...
8.8CVSS
6.6AI Score
0.002EPSS
Function collision between extension functions and account functions
Lines of code Vulnerability details Impact Users or owner can't use extensions because of collision between extension functions and account functions Proof of Concept Whenever someone calls account it will check for functions inside it, if there isn't function it goes to fallback to check...
6.8AI Score
_payFallbackGas is not being paid in case selector is 0x07 or 0x08
Lines of code Vulnerability details Impact _payFallbackGas gas is not being paid for selectors 0x07 and 0x08 which causes a loss for protocol's execution gas budget. In case Execution budget is not enough then anyFallback will fail. Proof of Concept In _payFallbackGas() gas should always be paid...
7.2AI Score
Summary IBM Security Directory Integrator has addressed several security issues in open source packages. Please apply the fix as detailed below. Vulnerability Details ** CVEID: CVE-2018-1270 DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the...
9.8CVSS
9.6AI Score
0.937EPSS
[adriro-NEW-M-02]: Wallet design prevents EIP-165 extensibility
Lines of code Vulnerability details [adriro-NEW-M-02]: Wallet design prevents EIP-165 extensibility The current wallet fallback design prevents the extensibility of the EIP-165 functionality. Impact Ambire wallet extensibility is provided by a fallback mechanism. If a fallback handler is defined...
6.7AI Score
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
4.6CVSS
6.8AI Score
0.0005EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...
7.8CVSS
8AI Score
0.0004EPSS
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is being decoded incorrectly. Description Consider this minimal example: ``rust // First contract, this will be performing a delegate call to theCallee`....
5.3CVSS
6.4AI Score
0.001EPSS
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is being decoded incorrectly. Description Consider this minimal example: ``rust // First contract, this will be performing a delegate call to theCallee`....
5.3CVSS
6.4AI Score
0.001EPSS
createAction() ,castApproval(), castDisapproval() functions vulnerable replay attacks
Lines of code https://github.com/code-423n4/2023-06-llama/blob/9d422c264b57657098c2784aa951852cad32e01c/src/LlamaCore.sol#L259-L268 https://github.com/code-423n4/2023-06-llama/blob/9d422c264b57657098c2784aa951852cad32e01c/src/LlamaCore.sol#L516-L562...
7.2AI Score
Unbreakable Enterprise kernel security update
[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...
7.8CVSS
8.5AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Lack of reentrancy protection in L1ERC721Bridge.sol
Lines of code Vulnerability details Summary Calling IERC721.transferFrom() in the L1ERC721Bridge._initiateBridgeERC721() after writing the deposit makes a reentrancy attack possible if there is a callback before transfer in the _localToken contract (we will name such a contract ERC721Callback)....
6.5AI Score
Underpaying Optimism l2gas(_minGasLimit) may lead to loss of funds
Lines of code Vulnerability details Impact The contract L1StandardBridge.sol is susceptible to a vulnerability where underpaying the l2Gas(here in all contract, it used as "_minGasLimit") value provided by users can result in a potential loss of funds. This vulnerability exists in the...
6.6AI Score
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Summary Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components. Vulnerability Details ** CVEID: CVE-2022-22475 DESCRIPTION: **IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5.....
9.8CVSS
9.1AI Score
EPSS
Lines of code Vulnerability details Impact _initiateBridgeERC20() does not check if _remoteToken is valid. When the message send to L2, it will cause user lossing funds in L1 Proof of Concept As we can see, the_initiateBridgeERC20 just check _isOptimismMintableERC20(_localToken),if valid ,it will.....
6.7AI Score
If no funds are deposited at the beginning, L1-L2 cannot be transferred out
Lines of code Vulnerability details Impact If user transfer tokenA-tokenB from L1 to L2, and the L2 deposits[tokenB][tokenA] is zero at the beginning.It will cause user lossing his funds. Proof of Concept First, user transfer TokenA, and it will send Message to L2 and L2 will call...
6.7AI Score
Liferay Portal 7.4.3.50 < 7.4.3.51 XSS
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field....
5.2AI Score
0.001EPSS
Fallback handlers can trick users into calling functions of the AmbireAccount contract
Lines of code Vulnerability details Fallback handlers can trick users into calling functions of the AmbireAccount contract Selector clashing can be used to trick users into calling base functions of the wallet. Impact Fallback handlers provide extensibility to the Ambire wallet. The main idea here....
6.8AI Score
Cross-site scripting in Liferay Portal
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.4CVSS
5.8AI Score
0.001EPSS
Cross-site scripting in Liferay Portal
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.4CVSS
5.8AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.4CVSS
5.2AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.4CVSS
6AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.4CVSS
5.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.4CVSS
5.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.4CVSS
5.5AI Score
0.001EPSS
vyper is vulnerable to Loss of Funds. The vulnerability is due to the call value check being called inside the selector section, which makes it possible to send funds to a non-payable default function by using less then 4 bytes of call data. This can result in the loss of...
6.7AI Score
0.001EPSS
Oracle Linux 8 : libreswan (ELSA-2023-3095)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-3095 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...
6.3AI Score
0.001EPSS
babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
7.5CVSS
7.1AI Score
0.007EPSS
libreswan security and bug fix update
[4.9-2.0.1.2] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-2.2] - Update libreswan-4.9-2176248-authby-rsasig.patch [4.9-2.1] - Resolves: rhbz#2187647 authby=rsasig fails in FIPS policy [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector...
6.5CVSS
6.9AI Score
0.001EPSS
Image Builder security, bug fix, and enhancement update
cockpit-composer [45-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095] [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New.....
7.5CVSS
7.4AI Score
0.003EPSS
Vyper's nonpayable default functions are sometimes payable
Impact in contracts with at least one regular nonpayable function, due to the callvalue check being inside of the selector section, it is possible to send funds to the default function by using less than 4 bytes of calldata, even if the default function is marked nonpayable. this applies to...
5.3CVSS
5.2AI Score
0.001EPSS
Vyper's nonpayable default functions are sometimes payable
Impact in contracts with at least one regular nonpayable function, due to the callvalue check being inside of the selector section, it is possible to send funds to the default function by using less than 4 bytes of calldata, even if the default function is marked nonpayable. this applies to...
5.3CVSS
5.4AI Score
0.001EPSS
AlmaLinux 8 : libreswan (ALSA-2023:3095)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:3095 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...
6.4AI Score
0.001EPSS
Malicious code in docs-component-folder-selector (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (029903e7351485fc54de0e50d6f2f3c9c822895bd8d97930476b5a69f23dd6f9) The OpenSSF Package Analysis project identified 'docs-component-folder-selector' @ 1.0.6 (npm) as malicious. It is considered malicious because: -.....
7.1AI Score
Oracle Linux 9 : libreswan (ELSA-2023-2633)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-2633 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...
6.3AI Score
0.001EPSS
[4.9-2.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length...
6.5CVSS
6.9AI Score
0.001EPSS