Possible frontrun on deposits on LiquidityPool
Lines of code https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L175-L188 Vulnerability details Impact Rewards are given to a user for depositing either ERC20 tokens or the native token into the LiquidityPool. This reward is used to incentivize users to...
AI Score: 6.9
Sending tokens close to the maximum will fail and user will lose tokens
Lines of code https://github.com/code-423n4/2022-03-biconomy/blob/04751283f85c9fc94fb644ff2b489ec339cd9ffc/contracts/hyphen/LiquidityPool.sol#L273 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept When a user calls the deposit function the reward...
AI Score: 6.8
LiquidityFarming.withdraw permanently freezes any unpaidRewards left
Lines of code Vulnerability details Impact Any remaining nft.unpaidRewards are lost and cannot be retrieved after LiquidityFarming.withdraw. I.e. it is not possible to call extractRewards for the unpaidRewards later if withdraw was called when the balance wasn't sufficient to fulfil the full withdrawal of the...
AI Score: 6.6
Reward and base token decimals difference isn't accounted for in LiquidityFarming
Lines of code Vulnerability details Impact Reward and base token decimals can differ, while this difference isn't accounted for in the reward amount calculations, which will lead to either missing rewards or sending the whole rewards balance to the first eligible user. For example: If reward is...
AI Score: 6.8
Reward calculations can be rendered to zero due to the lack of precision
Lines of code Vulnerability details Impact On a combination of a high enough token value and low enough decimals there may not be enough precision to store the reward amount, which as a result can be permanently hidden from a user. I.e. on such a combination there will effectively be no rewards for some...
AI Score: 6.6
Exploit for Improper Authentication in Linux Linux Kernel
CVE-2022-0492 container escape analysis [toc] Vulnerability overview Vulnerability ID: CVE-2022-0492...
CVSS: 7.8
AI Score: 8.2
EPSS: 0.095
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Metabase
CVE-2021-41277...
CVSS: 10
AI Score: 8.7
EPSS: 0.954
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 Dirty Pipe Linux kernel privilege escalation analysis [toc]...
CVSS: 7.8
AI Score: 8
EPSS: 0.076
Exploit for Improper Initialization in Linux Linux Kernel
title: CVE-2022-0847 (DirtyPipe local privilege escalation) vulnerability analysis date: 2022-03-08...
CVSS: 7.8
AI Score: -0.1
EPSS: 0.076
bEth Rewards May Be Depleted By Flashloans or Whales
Lines of code Vulnerability details Impact Rewards are dispersed to users as a percentage of the user's balance relative to the total balance (of bEth). Rewards are accumulated each time a user calls execute_decrease_balance(), execute_increase_balance() or execute_claim_rewards(), as these functions will in...
AI Score: 6.7
[WP-H4] anchor_basset_reward pending yields can be stolen
Lines of code Vulnerability details For yield farming aggregators, if the pending yield on an underlying strategy can be harvested and cause a surge of rewards to all existing investors, especially if the harvest can be triggered permissionlessly, then an attacker can amplify the attack using a...
AI Score: 6.7
Lines of code Vulnerability details Impact The bETH reward contract allocates new rewards sent to the contract whenever update_global_index is called. It should be possible to time the transfer of the rewards to the contract and frontrun it with increasing one's token balance to capture more...
AI Score: 6.8
WordPress Video Conferencing with Zoom Plugin information disclosure vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Video Conferencing with Zoom Plugin version 3.8.17 previously contained an information disclosure...
CVSS: 4.3
AI Score: 1.7
EPSS: 0.001
Rewards can be stolen from contract
Lines of code Vulnerability details It was observed that execute_claim_rewards/execute_decrease_balance/execute_increase_balance fail to update the global index before calculating user rewards in the anchor_basset_reward contract. This can lead to serious consequences: execute_increase_balance...
AI Score: 6.8
Possible Wrong bAsset Rewards/Borrow limits Calculation
Lines of code Vulnerability details Impact During the code review, it has been observed that the reward calculation is done in the execute_epoch_operations function. However, the config is stored in storage. When the anc_purchase_factor is updated by the owner, the execute_epoch_operations is...
AI Score: 6.9
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Vulnerability description Spring Cloud Gateway is a brand-new Spring Cloud project whose goal is to replace Netflix...
CVSS: 10
AI Score: 10
EPSS: 0.975
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
-cve-2022-22947- cve-2022-22947 spring cloud gateway...
CVSS: 10
AI Score: 10
EPSS: 0.975
ZOHO ManageEngine Key Manager Plus information disclosure vulnerability
ZOHO ManageEngine Key Manager Plus is a web-based SSH secret key management solution from ZOHO. The vulnerability is caused by the application not effectively protecting the stored SSL certificates and associated key pairs, which can be exploited by an attacker to obtain the stored SSL...
AI Score: 4
containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to an information disclosure vulnerability that could be exploited by an...
AI Score: 3.4
Home Owners Collection Management System trust management issue vulnerability
Home Owners Collection Management System, a homeowner collection management system, is vulnerable to a trust management issue in Home Owners Collection Management System v1.0. Version 1.0 was found to contain hard-coded credentials, which could be exploited by an attacker to escalate...
CVSS: 9.8
AI Score: 3.9
EPSS: 0.002
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Spring-Cloud-Gateway-CVE-2022-22947 Spring Cloud...
CVSS: 10
AI Score: 9.9
EPSS: 0.975
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Spring-Cloud-Gateway-CVE-2022-22947 Spring Cloud...
CVSS: 10
AI Score: 9.9
EPSS: 0.975
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact...
CVSS: 10
AI Score: 9.8
EPSS: 0.976
Sangfor VDI Client has an unspecified vulnerability
Sangfor VDI Client is a tool used by Sangfor to quickly build virtual desktops. A security vulnerability exists in Sangfor VDI Client, which can be exploited by attackers to discover the contents of username and password fields when reading process...
CVSS: 5.5
AI Score: 3.1
EPSS: 0.0005
Stripe: CSRF token validation system is disabled on Stripe Dashboard
@rodolfomarianocy discovered that due to a code change deployed on 2/14/2022, Cross Site Request Forgery (CSRF) protection was disabled in the Stripe Dashboard. This could have allowed an attacker to trick a victim user into visiting a malicious website and cause limited changes to the victim's Stripe...
AI Score: 7.1
Summary Actions to Take Today to Protect Against Malicious Activity Search for indicators of compromise. Use antivirus software. Patch all systems. Prioritize patching known exploited vulnerabilities. Train users to recognize and report phishing attempts. Use multi-factor...
CVSS: 8.8
AI Score: 8.9
EPSS: 0.974
TWABDelegator allows easy circumvention of whale protection
Lines of code Vulnerability details In a recent interview, PoolTogether co-founder Leighton Cusack said: “Someone who had $1,000 right now into the USDC prize pool would have a 0.01% chance of winning a prize every week. That’s a less than 1% chance of winning a prize a year,” Cusack said. “With...
AI Score: 6.8
Dridex Malware Deploying Entropy Ransomware on Hacked Computers
Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal...
Why ATO Attacks Are Attacks on Your Customers
Motivated by the continual surge in eCommerce, which according to UNCTAD has seen unprecedented growth during the COVID-19 pandemic, retailers are scrambling to adapt to a shift in consumer demand and create unique customer experiences that set them apart from the competition. The rise in online...
AI Score: -0.1
Nagios XI web shell upload module New this week is a Nagios Web Shell Upload module from Rapid7's own Jake Baines, which exploits CVE-2021-37343. This module builds upon the existing Nagios XI scanner written by Erik Wynter. Versions of Nagios XI prior to 5.8.5 are vulnerable to a path traversal...
CVSS: 9.8
EPSS: 0.975
Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
CVE-2022-0185 Linux kernel privilege escalation (escape) [toc] Vulnerability overview Vulnerability ID:...
CVSS: 8.4
AI Score: 8.7
EPSS: 0.001
Stripe: CSRF token validation system is disabled on Stripe Dashboard
@d_sharad discovered that due to a code change deployed on 2/14/2022, Cross Site Request Forgery (CSRF) protection was disabled in the Stripe Dashboard. This could have allowed an attacker to trick a victim user into visiting a malicious website and cause limited changes to the victim's Stripe account...
AI Score: 7.2
RewardDistributor._claim uses native token payable.transfer, which is unsafe for smart contracts
Lines of code Vulnerability details Impact When reward.token is set to the vault address and the native token is used, it is sent out via a payable.transfer call. This is unsafe, as transfer has a hard-coded gas budget and can fail when the _account is a smart contract. Such transactions will fail for smart...
AI Score: 6.8
Jenkins Pipeline Groovy Plugin information disclosure vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Pipeline Groovy Plugin 2648.va9433432b33c and earlier versions are vulnerable to an information disclosure...
CVSS: 4.3
AI Score: 1.1
EPSS: 0.001
RewardDistributor._claim() Will Always Revert if The Recipient is a Contract
Lines of code Vulnerability details Impact The _claim() function is called to claim a reward for a given _rewardIdentifier. The leaf node is calculated from the hashed _index, _account and _amount values and is verified to belong to the merkle tree. After setting the reward as claimed, the tokens...
AI Score: 7
[WP-H4] Input should be validated on-chain to avoid fund loss caused by admin's misinput
Lines of code Vulnerability details In the current design/implementation, the admin of BribeVault is a super-privileged role in the system. However, the admin's inputs to some of the most critical methods are not validated properly...
AI Score: 6.8
Rewards can be claimed if merkle proof is known
Lines of code Vulnerability details Impact The README describes the following for when a vote ends: Outside of the Hidden Hand contract scope, after the Tokemak CoRE round ends, proposal data is compiled and these two things happen: - The following is derived from the data: its hash (KECCAK-256) and...
AI Score: 6.8
Use of IERC20.transfer() instead of SafeERC20.safeTransfer()
Lines of code https://github.com/code-423n4/2022-02-redacted-cartel/blob/main/contracts/BribeVault.sol#L296-L297 https://github.com/code-423n4/2022-02-redacted-cartel/blob/main/contracts/ThecosomataETH.sol#L146...
AI Score: 7
Users Can Frontrun Calls to updateRewardsMetadata() And Claim Tokens Twice
Lines of code https://github.com/code-423n4/2022-02-redacted-cartel/blob/main/contracts/RewardDistributor.sol#L127-L209 Vulnerability details Impact The updateRewardsMetadata() function is called by the BribeVault contract on behalf of the admin role. The function takes a list of distributions which are...
AI Score: 6.9
Lines of code Vulnerability details function updateRewardsMetadata(Common.Distribution[] calldata distributions) external onlyRole(DEFAULT_ADMIN_ROLE) { require(distributions.length > 0, "Invalid distributions"); IRewardDistributor(distributor).updateRewardsMetadata(distributions);...
AI Score: 6.7
Lines of code Vulnerability details In the current implementation, RewardDistributor._claim() uses if (token != bribeVault) { (where token comes from rewards[_rewardIdentifier].token) to detect whether it is an ERC20 token or the native token (ETH). However, this is not a trustworthy way to determine whether...
AI Score: 6.7
Jenkins HashiCorp Vault Plugin information disclosure vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins HashiCorp Vault Plugin 3.8.0 and earlier versions are vulnerable to an information disclosure vulnerability that...
CVSS: 6.5
AI Score: 1.2
EPSS: 0.001
Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through...
CVSS: 9.8
AI Score: 10
EPSS: 0.973
Metinfo SQL Injection Vulnerability (CNVD-2022-14805)
MetInfo is a content management system (CMS) developed using PHP and MySQL. A SQL injection vulnerability exists in MetInfo, which stems from the product's failure to properly filter special characters in the doModify parameter in the language_general.class.php file. An attacker could exploit this...
CVSS: 9.8
AI Score: 5
EPSS: 0.002
Metinfo SQL Injection Vulnerability (CNVD-2022-14806)
MetInfo is a content management system (CMS) developed using PHP and MySQL. A SQL injection vulnerability exists in MetInfo, which stems from the product's failure to properly filter special characters in the table_para parameter in the parameter_admin.class.php file. An attacker could exploit this...
CVSS: 9.8
AI Score: 5
EPSS: 0.002
In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a...
CVSS: 9.8
AI Score: -0.2
EPSS: 0.024
Sunlogin is a free, all-in-one remote control management tool that integrates remote control of computers and phones, remote desktop connection, remote boot, remote management, and support for intranet penetration. Ltd. Sunlogin Personal Edition for Windows has a command execution...
AI Score: 4.9
"Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains
NOTE: If you're just looking for the high level points, see the "The TL;DR Summary & High-Level Points" section of this post. Recently I took an interest in the npm registry due to its critical role in the security of managing packages for all of JavaScript and Node. After registering an account...
AI Score: -0.1
Lines of code https://github.com/code-423n4/2022-02-concur/blob/72b5216bfeaa7c52983060ebfc56e72e0aa8e3b0/contracts/ConcurRewardPool.sol#L38 Vulnerability details Impact Potential Reentrancy Proof of Concept Reentrancy in ConcurRewardPool.claimRewards(address[])...
AI Score: 6.9
2021 Trends Show Increased Globalized Threat of Ransomware
Summary Immediate Actions You Can Take Now to Protect Against Ransomware: • Update your operating system and software. • Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments. • If you use Remote Desktop Protocol (RDP), secure and...
AI Score: 10