Gwyn's Imagemap Selector Security Vulnerabilities

Malicious code in fc-account-selector (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e2a2b9137afe6979e5b25e3e2aba4da1a9152feee7e21f1fc61c909273642d2c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Solmate's safeTransfer can result in failed transfer with low level call and won't revert as it does not check the codesize of to address, which may lead to loss of funds

Lines of code https://github.com/code-423n4/2023-01-canto-identity/tree/main/src/CidNFT.sol#L193 https://github.com/code-423n4/2023-01-canto-identity/tree/main/src/SubprotocolRegistry.sol#L87 Vulnerability details The following contract use solmate's SafeTransferLib :...

DOS mint and add by frontrunning

Lines of code Vulnerability details Impact CidNFT.mint(bytes[]) allow user to mint and add subprotocol NFTs directly after minting. The _addList args to the add call include the _cidNFTID param, which can change if there are other mint before the user's transaction. Proof of Concept An attacker...

Attacker can steal the NFT bought by sending it to another vault he control

Lines of code Vulnerability details Impact The mitigation of H-08 try to validate the vault returned by _market with the VaultRegistry. However, it only validated if the vault exists, but not if it is the correct vault. A similar attack described in code-423n4/2022-12-tessera-findings#47 can be...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7 (Moderate) (RHSA-2020:4246)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4246 advisory. picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299) wildfly: XML validation manipulation due to...

Adobe: Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection.adobe.com

We appreciate the collaboration and responsible disclosure of this...

Adobe: Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com

We appreciate the collaboration and responsible disclosure of this...

Unbreakable Enterprise kernel security update

[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...

Unbreakable Enterprise kernel-container security update

[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...

Regular Expression Denial Of Service (ReDoS)

mootools-core is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists via the Slick.parse function in Slick.Parser.js, which does not properly handle user-injected string into a CSS selector at runtime, which allows remote attackers to cause denial of service...

MooTools Regular Expression Denial of Service

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

MooTools Regular Expression Denial of Service

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

Design/Logic Flaw

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

CVE-2021-32821 Regular expression Denial of Service in MooTools

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

SUSE: Security Advisory (SUSE-SU-2022:4616-1)

The remote host is missing an update for...

Fedora 36 : drupal7 (2022-9d655503ea)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-9d655503ea advisory. Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to...

Fedora 35 : drupal7 (2022-bf18450366)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-bf18450366 advisory. Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to...

Collateral NFT deposited to a wrong address, when transferred directly to PaprController

Lines of code Vulnerability details Impact Users will lose collateral NFTs when they are transferred to PaprController by an approved address or an operator. Proof of Concept The PaprController allows users to deposit NFTs as collateral to borrow Papr tokens. One of the way of depositing is by...

PaprController.onERC721Received() assigns collateral to operator's vault instead of the nft owner's one

Lines of code Vulnerability details Impact The collateral is assigned to the operator's vault because of a parameter mismatch. This impacts the ability of third parties to integrate the PaprController contract. You're not able to create an intermediary contract that adds collateral to a user's...

Misunderstanding operator with from

Lines of code Vulnerability details Author: rotcivegaf Impact The owner of the ERC721 token could approve an operator to manage his tokens With the misunderstanding of operator with from in the onERC721Received function the benefits of this function goes to the operator instead of the...

CVE-2022-44643

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not...

CVE-2022-44643

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not...

Design/Logic Flaw

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not...

CVE-2022-44643 Access policy with access to all tenants and using label selectors has more access

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not...

SUSE: Security Advisory (SUSE-SU-2022:4503-1)

The remote host is missing an update for...

[SECURITY] Fedora 36 Update: rubygem-nokogiri-1.13.10-1.fc36

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the chan ge to using correct CSS and...

[SECURITY] Fedora 37 Update: rubygem-nokogiri-1.13.10-1.fc37

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the chan ge to using correct CSS and...

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-b5c325caad)

The remote host is missing an update for...

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-acff3f54b2)

The remote host is missing an update for...

Debian DLA-3230-1 : jqueryui - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3230 advisory. jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from...

Debian: Security Advisory (DLA-3230-1)

The remote host is missing an update for the...

[SECURITY] [DLA 3230-1] jqueryui security update

Debian LTS Advisory DLA-3230-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 07, 2022 https://wiki.debian.org/LTS Package : jqueryui Version : 1.12.1+dfsg-5+deb10u1 CVE...

Unbreakable Enterprise kernel security update

[4.14.35-2047.519.2.1] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with...

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.519.2.1.el7] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with...

ETH amount that is trapped in LooksRareAggregator contract can be withdrawn by user who is not LooksRareAggregator's owner

Lines of code https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/LooksRareAggregator.sol#L51-L112 https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/lowLevelCallers/LowLevelETH.sol#L43-L49 Vulnerability details Impact When ETH amount is trapped in the...

The owner of the contract can broke the storage of the LooksRareAggregator contract

Lines of code https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/LooksRareAggregator.sol#L88 Vulnerability details Impact The owner of the contract can broke the storage of the LooksRareAggregator contract Proof of Concept The addFunction() function -...

User can drain all ether from LooksRareAggregator contract

Lines of code Vulnerability details Impact Anyone could drain all ether from this contract. Proof of Concept function execute( TokenTransfer[] calldata tokenTransfers, TradeData[] calldata tradeData, address originator, address recipient, bool isAtomic ...

New Vulnerability in Popular Widget Shows Risks of Third-Party Code

UPDATE: Snyk has recently addressed 2 additional vulnerabilities we have reported to them, CVE-2022-24441 and CVE-2022-22984, affecting versions of Snyk CLI before XXX, which leads to arbitrary code execution when scanning untrusted Maven or Gradle projects. Similar to CVE-2022-40764 these...

uint16 type for the facet position and selector position

Lines of code https://github.com/code-423n4/2022-10-zksync/blob/main/ethereum/contracts/zksync/libraries/Diamond.sol#L33 https://github.com/code-423n4/2022-10-zksync/blob/main/ethereum/contracts/zksync/libraries/Diamond.sol#L190...

Dell Wyse Management Suite < 3.7 Multiple Vulnerabilities (DSA-2022-143)

The version of Dell Wyse Management Suite installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the DSA-2022-143 advisory. jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value...

Security update for the Linux Kernel (important)

An update that solves 32 vulnerabilities, contains two features and has 84 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2016-3695: Fixed an issue inside the...

Security update for the Linux Kernel (important)

An update that solves 17 vulnerabilities, contains one feature and has 29 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users...

PA1D._payoutTokens() won't work for USDT and other inconsistent ERC20 tokens.

Lines of code Vulnerability details Impact Some ERC20 tokens (USDT, BNB, OMG) do not return a boolean on succesful transfer. Checking the returned value of transfer for these tokens will always fail. Proof of Concept Usage of ERC20 interface and require statement in PA1D.sol....

Optimistic bridging pattern, can lead to bridge exploitation

Lines of code https://github.com/holographxyz/holograph-protocol/blob/c4_audit/contracts/HolographBridge.sol#L270 Vulnerability details Impact Zero deposit Bridging. Wherease users can fake the depositing process but can mint multiple tokens in the destination chain. The bridging is optimistic,...

Unbreakable Enterprise kernel security update

[5.15.0-3.60.5.1] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34721465] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - fs: do not compare against -&gt;llseek (Jason A....