Eva-al10; Eva-cl00; Eva-dl00; Eva-l09; Eva-l19; Eva-l29; Eva-tl00; Vie-l09; Vie-l29 Security Vulnerabilities
Only one GroupBuy can ever use USDT or similar tokens with front-running approval protections
Lines of code Vulnerability details Calling approve() without first calling approve(0) if the current approval is non-zero will revert with some tokens, such as Tether (USDT). While Tether is known to do this, it applies to other tokens as well, which are trying to protect against this attack...
6.7AI Score
Storage collision in Collateral.sol
Lines of code Vulnerability details Vulnerability details collateral.sol is an upgradeable contract. Upgradeable contracts should not use the constructor to initialize variables, as these will be set in the contract storage of the implementation contract, instead of the intended contract storage...
6.6AI Score
eva-trattner.at Cross Site Scripting vulnerability OBB-3093096
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.2AI Score
Apple announces 3 new security features
Apple has announced three new security features focused on protecting user data in the cloud: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023.....
0.3AI Score
LPDA.sol and FixedPrice.sol will lock the funds forever
Lines of code https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/FixedPriceFactory.sol#L29-L38 https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/OpenEditionFactory.sol#L29-L38 Vulnerability details Impact Possibility of IDs collision The ether will be locked on...
6.8AI Score
Ether can be lost in LPDA contract if sale.dropPerSecond is set improperly
Lines of code https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/LPDA.sol#L143 https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/LPDA.sol#L63 https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/LPDA.sol#L101 Vulnerability details Impact Function...
6.7AI Score
LPDA can be initialized with parameters that will revert getPrice()
Lines of code https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/LPDAFactory.sol#L29-L42 Vulnerability details Impact LPDA Sales can start reverting the buy() and refund() functions at some point of time if initialized with incorrect parameters...
6.7AI Score
DoS on relayCalls when the nonce variable reach type(uint256).max
Lines of code https://github.com/pooltogether/ERC5164/blob/5647bd84f2a6d1a37f41394874d567e45a97bf48/src/ethereum-optimism/EthereumToOptimismRelayer.sol#L49-L78...
6.7AI Score
Security Advisory - Improper Authorization Vulnerability in a Huawei Children's Watch
Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could allow the attacker to access certain file. (Vulnerability ID:HWPSIRT-2022-62345) This vulnerability has been assigned a (CVE) ID:...
5.5CVSS
5.4AI Score
0.0004EPSS
Possible double spending issue for PirexERC4626 vault
Lines of code Vulnerability details Impact Solmate's ERC20 does not provide option to increase/decrease allowance, and only option to do so is by setting it via approve - which sets this amount directly. This poses a problem of double spending, when a user want to check current allowance, and bad.....
6.8AI Score
Security Advisory - Improper Input Validation Vulnerability in a Huawei Children's Watch
Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitation may cause the watch's application service abnormal. (Vulnerability ID:HWPSIRT-2022-53187) This vulnerability has been assigned a (CVE) ID:...
7.5CVSS
7.1AI Score
0.001EPSS
batchDepositETHForStaking in GiantSavETHVaultPool.sol can be ticked to steal all ETH in the pool
Lines of code Vulnerability details Impact All Eth can be drained by fake vault addresses. https://github.com/code-423n4/2022-11-stakehouse/blob/4b6828e9c807f2f7c569e6d721ca1289f7cf7112/contracts/liquid-staking/GiantSavETHVaultPool.sol#L29 Proof of Concept In batchDepositETHForStaking,...
6.8AI Score
Admin can drain user funds from the Pool or buy assets for free
Lines of code https://github.com/code-423n4/2022-11-non-fungible/blob/main/contracts/Exchange.sol#L251 https://github.com/code-423n4/2022-11-non-fungible/blob/main/contracts/Exchange.sol#L565-L581 https://github.com/code-423n4/2022-11-non-fungible/blob/main/contracts/Pool.sol#L70-L74 Vulnerability....
6.6AI Score
SpigotLib._claimRevenue is marked public instead of internal
Lines of code Vulnerability details Impact SpigotLib._claimRevenue is marked public instead of internal. This public function is wrapped in the external claimRevenue function. Attacker can call _claimRevenue to claim Revenue Tokens into the Spigot escrow for later withradrawal. Tools Used Manual...
6.9AI Score
Cross-chain replay attacks are possible with create2()
Lines of code Vulnerability details Impact Mistakes made on one chain can be re-applied to a new chain There is no chain.id in the create2() function data If a user does create2() using the wrong network, an attacker can replay the action on the correct chain, and steal the funds a-la the...
6.9AI Score
libde265.so is vulnerable to denial of service. The vulnerability exists due to a segmentation violation in the apply_sao_internal function of sao.cc which allows a remote attacker to crash the application via a malicious video...
6.5CVSS
7AI Score
0.001EPSS
Security Advisory - Path Traversal Vulnerability in a Huawei Children's Watch
Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. (Vulnerability ID:HWPSIRT-2022-99716) This vulnerability has been assigned a (CVE) ID:...
7.8CVSS
7.2AI Score
0.0004EPSS
SimpleERC20Escrow's initialize() can be frontrun
Lines of code https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Market.sol#L245-L251 https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Market.sol#L246-L248...
6.8AI Score
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before...
8.8CVSS
0.001EPSS
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before...
8.8CVSS
8.6AI Score
0.001EPSS
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before...
8.8CVSS
6.9AI Score
0.001EPSS
CVE-2022-0074 Privilege Escalation in OpenLiteSpeed Web Server
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before...
8.8CVSS
8.9AI Score
0.001EPSS
JoeLibrary.sol#L19 : quote does not follow the constant sum formula to get the reserve value
Lines of code Vulnerability details Impact The quoted reserve value is not based on the constant sum approach. It is based on constant product method. The quoted values are not correct for constant sum based approach. Proof of Concept As per the Joe documentation, it says that joe is based on...
6.8AI Score
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can....
5.4CVSS
0.001EPSS
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can....
5.4CVSS
5.2AI Score
0.001EPSS
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can....
5.4CVSS
5.2AI Score
0.001EPSS
CVE-2022-39233 Tuleap subject to Missing Authorization allowing for branch prefix modification
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can....
4.3CVSS
5.5AI Score
0.001EPSS
MySQL JDBC deserialization vulnerability
Impact In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, MysqlConfiguration class don't filter any parameters,...
9.8CVSS
9.2AI Score
0.001EPSS
eva-strautmann.com Cross Site Scripting vulnerability OBB-2999005
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the.....
9CVSS
0.001EPSS
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the.....
9CVSS
9.1AI Score
0.001EPSS
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the.....
9CVSS
7AI Score
0.001EPSS
CVE-2022-32177 Gin-vue-admin - Unrestricted File Upload
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the.....
9.3AI Score
0.001EPSS
ERC1155's Amount Parameter Manipulation To Steal Buyers' Funds
Lines of code https://github.com/code-423n4/2022-10-blur/blob/2fdaa6e13b544c8c11d1c022a575f16c3a72e3bf/contracts/matchingPolicies/StandardPolicyERC1155.sol#L59 https://github.com/code-423n4/2022-10-blur/blob/2fdaa6e13b544c8c11d1c022a575f16c3a72e3bf/contracts/BlurExchange.sol#L425...
6.8AI Score
Lines of code https://github.com/code-423n4/2022-09-quickswap/blob/15ea643c85ed936a92d2676a7aabf739b210af39/src/core/contracts/libraries/TickMath.sol#L29 Vulnerability details Impact Type Error Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any...
7.2AI Score
It is possible to add more than 15 properties
Lines of code Vulnerability details The total number of properties is now limited to be 15 or less with hard code on the storage structures level. In the same time it is possible to add unlimited number of properties with MetadataRenderer's addProperties(). If this happens, with a malicious intent....
7.1AI Score
eva-formationbenevoles.fr Cross Site Scripting vulnerability OBB-2854844
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Multiplication performed after division can truncate the results
Lines of code https://github.com/code-423n4/2022-08-frax/blob/92a8d7d331cc718cd64de6b02515b554672fb0f3/src/contracts/FraxlendPairCore.sol#L409-L497 https://github.com/code-423n4/2022-08-frax/blob/92a8d7d331cc718cd64de6b02515b554672fb0f3/src/contracts/FraxlendPairCore.sol#L911-L942...
6.9AI Score
Possible frontrunning attack in Vault.
Lines of code https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPairCore.sol#L583-L595 https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPairCore.sol#L676-L685 Vulnerability...
6.7AI Score