Lucene search

K

Gwyn's Imagemap Selector Security Vulnerabilities

code423n4
code423n4

Attackers might be able to avoid calling reference modules when creating publications

Lines of code Vulnerability details Bug Description When comment(), mirror or quote() is called on a publication with a reference module, the reference module will be called. For example, when a user mirrors another publication with a reference module, the processMirror() function of that...

6.8AI Score

2023-07-31 12:00 AM
code423n4
code423n4

Malicious user can create an harmful proposal and execute it by setting a very low quorum .

Lines of code Vulnerability details Impact Malicious user can create an harmful proposal and execute it by setting a very low quorum . Which can lead to very bad consequences . Proof of Concept When creating a proposal, quorum is calculation logic looks like this : // get the quorum...

6.9AI Score

2023-07-28 12:00 AM
1
code423n4
code423n4

_getSelector does not return the right selector

Lines of code Vulnerability details Impact _getSelector(...) function in the CoreVoting.sol will NEVER return the correct function selector of a calldata string. This can lead to malfunction in the system when creating a proposal. Proof of Concept The function selector is suppose to be the hash...

6.7AI Score

2023-07-28 12:00 AM
1
openvas

9CVSS

9AI Score

0.004EPSS

2023-07-25 12:00 AM
3
code423n4
code423n4

Multisig's functionality is impaired when Signers#threshold is 1

Lines of code https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/cgp/auth/MultisigBase.sol#L44-L77 https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/cgp/auth/MultisigBase.sol#L159-L161...

6.8AI Score

2023-07-21 12:00 AM
2
code423n4
code423n4

Allowed calls in LSP6KeyManager doesn't allow calls with empty calldata

Lines of code Vulnerability details Bug Description Whenever a controller attempts to call a LSP0 account's execute() function without the relevant SUPER permissions, LSP6ExecuteModule will check that the call is one of the whitelisted allowed calls. If the controller is trying to perform a call...

6.7AI Score

2023-07-14 12:00 AM
3
code423n4
code423n4

Incorrect Interface ID for LSP0

Lines of code Vulnerability details Impact The interface ID stated for LSP0 in LSP0Constants.sol and LIP-0 is 0x3e89ad98, which will affect related logics. Proof of Concept According to LIP-0, this ID is derived from the XOR of the following: selector of batchCalls() IDs of the following...

6.8AI Score

2023-07-14 12:00 AM
5
code423n4
code423n4

A Storage Write Removal Bug in contracts

Lines of code Vulnerability details Summary In _fallbackLSP17Extendable(), Calling functions that conditionally terminate the external EVM call using the assembly statements return(...) may result in incorrect removals of prior storage writes. Impact In LSP17Extendable.sol,...

6.8AI Score

2023-07-14 12:00 AM
5
code423n4
code423n4

Using supportsERC165InterfaceUnchecked() might break LSP functionality for certain contracts

Lines of code Vulnerability details Bug Description Throughout the codebase, the protocol uses the supportsERC165InterfaceUnchecked() function from Openzeppelin's ERC165Checker.sol to check for the support of ERC-165 interface IDs. However, supportsERC165InterfaceUnchecked() only checks if the...

6.9AI Score

2023-07-14 12:00 AM
4
code423n4
code423n4

user with ADDEXTENSIONS and CHANGEEXTENSIONS will remove extension unintentional

Lines of code Vulnerability details Summary Adding extension use 4 bytes function selector to add new extension, and if user with ADDEXTENSIONS permission also has CHANGEEXTENSIONS permission and wants to add new extension and there is an extension with that function selector, extension will be...

6.7AI Score

2023-07-14 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-3493-1)

The remote host is missing an update for the...

8.8CVSS

7AI Score

0.002EPSS

2023-07-12 12:00 AM
6
nessus
nessus

Debian DLA-3493-1 : symfony - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3493 advisory. Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without...

8.8CVSS

7.1AI Score

0.002EPSS

2023-07-12 12:00 AM
7
debian
debian

[SECURITY] [DLA 3493-1] symfony security update

Debian LTS Advisory DLA-3493-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 11, 2023 https://wiki.debian.org/LTS Package : symfony Version : 3.4.22+dfsg-2+deb10u2 CVE...

8.8CVSS

6.6AI Score

0.002EPSS

2023-07-11 11:19 PM
5
code423n4
code423n4

Function collision between extension functions and account functions

Lines of code Vulnerability details Impact Users or owner can't use extensions because of collision between extension functions and account functions Proof of Concept Whenever someone calls account it will check for functions inside it, if there isn't function it goes to fallback to check...

6.8AI Score

2023-07-10 12:00 AM
7
code423n4
code423n4

_payFallbackGas is not being paid in case selector is 0x07 or 0x08

Lines of code Vulnerability details Impact _payFallbackGas gas is not being paid for selectors 0x07 and 0x08 which causes a loss for protocol's execution gas budget. In case Execution budget is not enough then anyFallback will fail. Proof of Concept In _payFallbackGas() gas should always be paid...

7.2AI Score

2023-07-05 12:00 AM
3
ibm
ibm

Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities

Summary IBM Security Directory Integrator has addressed several security issues in open source packages. Please apply the fix as detailed below. Vulnerability Details ** CVEID: CVE-2018-1270 DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the...

9.8CVSS

9.6AI Score

0.937EPSS

2023-06-22 04:30 PM
25
code423n4
code423n4

[adriro-NEW-M-02]: Wallet design prevents EIP-165 extensibility

Lines of code Vulnerability details [adriro-NEW-M-02]: Wallet design prevents EIP-165 extensibility The current wallet fallback design prevents the extensibility of the EIP-165 functionality. Impact Ambire wallet extensibility is provided by a fallback mechanism. If a fallback handler is defined...

6.7AI Score

2023-06-21 12:00 AM
1
ics
ics

Siemens SIMOTION

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

4.6CVSS

6.8AI Score

0.0005EPSS

2023-06-15 12:00 PM
7
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...

7.8CVSS

8AI Score

0.0004EPSS

2023-06-15 12:00 AM
45
osv
osv

ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is being decoded incorrectly. Description Consider this minimal example: ``rust // First contract, this will be performing a delegate call to theCallee`....

5.3CVSS

6.4AI Score

0.001EPSS

2023-06-14 08:11 PM
5
github
github

ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is being decoded incorrectly. Description Consider this minimal example: ``rust // First contract, this will be performing a delegate call to theCallee`....

5.3CVSS

6.4AI Score

0.001EPSS

2023-06-14 08:11 PM
9
code423n4
code423n4

createAction() ,castApproval(), castDisapproval() functions vulnerable replay attacks

Lines of code https://github.com/code-423n4/2023-06-llama/blob/9d422c264b57657098c2784aa951852cad32e01c/src/LlamaCore.sol#L259-L268 https://github.com/code-423n4/2023-06-llama/blob/9d422c264b57657098c2784aa951852cad32e01c/src/LlamaCore.sol#L516-L562...

7.2AI Score

2023-06-14 12:00 AM
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...

7.8CVSS

8.5AI Score

0.0004EPSS

2023-06-13 12:00 AM
19
oraclelinux
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-13 12:00 AM
36
oraclelinux
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-13 12:00 AM
9
code423n4
code423n4

Lack of reentrancy protection in L1ERC721Bridge.sol

Lines of code Vulnerability details Summary Calling IERC721.transferFrom() in the L1ERC721Bridge._initiateBridgeERC721() after writing the deposit makes a reentrancy attack possible if there is a callback before transfer in the _localToken contract (we will name such a contract ERC721Callback)....

6.5AI Score

2023-06-09 12:00 AM
1
code423n4
code423n4

Underpaying Optimism l2gas(_minGasLimit) may lead to loss of funds

Lines of code Vulnerability details Impact The contract L1StandardBridge.sol is susceptible to a vulnerability where underpaying the l2Gas(here in all contract, it used as "_minGasLimit") value provided by users can result in a potential loss of funds. This vulnerability exists in the...

6.6AI Score

2023-06-09 12:00 AM
31
ibm
ibm

Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues

Summary Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components. Vulnerability Details ** CVEID: CVE-2022-22475 DESCRIPTION: **IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5.....

9.8CVSS

9.1AI Score

EPSS

2023-06-06 06:05 PM
44
code423n4
code423n4

_initiateBridgeERC20() does not check if _remoteToken is valid. When the message send to L2, it will cause user lossing funds in L1

Lines of code Vulnerability details Impact _initiateBridgeERC20() does not check if _remoteToken is valid. When the message send to L2, it will cause user lossing funds in L1 Proof of Concept As we can see, the_initiateBridgeERC20 just check _isOptimismMintableERC20(_localToken),if valid ,it will.....

6.7AI Score

2023-06-02 12:00 AM
7
code423n4
code423n4

If no funds are deposited at the beginning, L1-L2 cannot be transferred out

Lines of code Vulnerability details Impact If user transfer tokenA-tokenB from L1 to L2, and the L2 deposits[tokenB][tokenA] is zero at the beginning.It will cause user lossing his funds. Proof of Concept First, user transfer TokenA, and it will send Message to L2 and L2 will call...

6.7AI Score

2023-06-02 12:00 AM
9
nessus
nessus

Liferay Portal 7.4.3.50 < 7.4.3.51 XSS

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field....

5.2AI Score

0.001EPSS

2023-05-29 12:00 AM
7
code423n4
code423n4

Fallback handlers can trick users into calling functions of the AmbireAccount contract

Lines of code Vulnerability details Fallback handlers can trick users into calling functions of the AmbireAccount contract Selector clashing can be used to trick users into calling base functions of the wallet. Impact Fallback handlers provide extensibility to the Ambire wallet. The main idea here....

6.8AI Score

2023-05-26 12:00 AM
2
github
github

Cross-site scripting in Liferay Portal

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...

5.4CVSS

5.8AI Score

0.001EPSS

2023-05-24 03:30 PM
8
osv
osv

Cross-site scripting in Liferay Portal

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...

5.4CVSS

5.8AI Score

0.001EPSS

2023-05-24 03:30 PM
9
cve
cve

CVE-2023-33942

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...

5.4CVSS

5.2AI Score

0.001EPSS

2023-05-24 03:15 PM
26
osv
osv

CVE-2023-33942

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...

5.4CVSS

6AI Score

0.001EPSS

2023-05-24 03:15 PM
1
nvd
nvd

CVE-2023-33942

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...

5.4CVSS

5.3AI Score

0.001EPSS

2023-05-24 03:15 PM
prion
prion

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...

5.4CVSS

5.3AI Score

0.001EPSS

2023-05-24 03:15 PM
6
cvelist
cvelist

CVE-2023-33942

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...

5.4CVSS

5.5AI Score

0.001EPSS

2023-05-24 02:49 PM
veracode
veracode

Loss Of Funds

vyper is vulnerable to Loss of Funds. The vulnerability is due to the call value check being called inside the selector section, which makes it possible to send funds to a non-payable default function by using less then 4 bytes of call data. This can result in the loss of...

6.7AI Score

0.001EPSS

2023-05-24 12:17 PM
6
nessus
nessus

Oracle Linux 8 : libreswan (ELSA-2023-3095)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-3095 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.3AI Score

0.001EPSS

2023-05-24 12:00 AM
4
oraclelinux
oraclelinux

python27:2.7 security update

babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...

7.5CVSS

7.1AI Score

0.007EPSS

2023-05-24 12:00 AM
113
oraclelinux
oraclelinux

libreswan security and bug fix update

[4.9-2.0.1.2] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-2.2] - Update libreswan-4.9-2176248-authby-rsasig.patch [4.9-2.1] - Resolves: rhbz#2187647 authby=rsasig fails in FIPS policy [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector...

6.5CVSS

6.9AI Score

0.001EPSS

2023-05-24 12:00 AM
6
oraclelinux
oraclelinux

Image Builder security, bug fix, and enhancement update

cockpit-composer [45-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095] [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New.....

7.5CVSS

7.4AI Score

0.003EPSS

2023-05-24 12:00 AM
22
osv
osv

Vyper's nonpayable default functions are sometimes payable

Impact in contracts with at least one regular nonpayable function, due to the callvalue check being inside of the selector section, it is possible to send funds to the default function by using less than 4 bytes of calldata, even if the default function is marked nonpayable. this applies to...

5.3CVSS

5.2AI Score

0.001EPSS

2023-05-22 08:35 PM
15
github
github

Vyper's nonpayable default functions are sometimes payable

Impact in contracts with at least one regular nonpayable function, due to the callvalue check being inside of the selector section, it is possible to send funds to the default function by using less than 4 bytes of calldata, even if the default function is marked nonpayable. this applies to...

5.3CVSS

5.4AI Score

0.001EPSS

2023-05-22 08:35 PM
7
nessus
nessus

AlmaLinux 8 : libreswan (ALSA-2023:3095)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:3095 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.4AI Score

0.001EPSS

2023-05-19 12:00 AM
4
osv
osv

Malicious code in docs-component-folder-selector (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (029903e7351485fc54de0e50d6f2f3c9c822895bd8d97930476b5a69f23dd6f9) The OpenSSF Package Analysis project identified 'docs-component-folder-selector' @ 1.0.6 (npm) as malicious. It is considered malicious because: -.....

7.1AI Score

2023-05-18 03:05 PM
2
nessus
nessus

Oracle Linux 9 : libreswan (ELSA-2023-2633)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-2633 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.3AI Score

0.001EPSS

2023-05-17 12:00 AM
6
oraclelinux
oraclelinux

libreswan security update

[4.9-2.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length...

6.5CVSS

6.9AI Score

0.001EPSS

2023-05-17 12:00 AM
5
Total number of security vulnerabilities1696