190 matches found
If requestMint() is called before mintFee is initially set via setMintFee(), the return of _getMintFees(collateralAmountIn) can be "underflow" , which results in the loss for the protocol and the unexpected-benefit for certain users
Lines of code Vulnerability details Impact This vulnerability lead to the loss for this protocol and the unexpected-benefit for certain users like this: The protocol cannot earn the fee in collateral feesInCollateral that is supposed to be earned unless the MANAGERADMIN set the certain amount of...
CVE-2022-41264
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
CVE-2022-41264
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
Design/Logic Flaw
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
CVE-2022-41264
The CVE-2022-41264 issue affects SAP BASIS components (versions 731, 740, 750–757, 789–791) where the unrestricted scope of the RFC function module allows an authenticated non-administrator to access a system class and execute any of its public methods with attacker-supplied parameters. This can ...
CVE-2022-41264
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
CVE-2022-41264
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
SAP Basis 代码注入漏洞
SAP Basis is a content management system. SAP Basis suffers from a code injection vulnerability that stems from the unrestricted scope of its RFC function modules allowing an authenticated, non-administrator attacker to access a system class and execute any of its public methods using...
PT-2022-25776 · Sap · Sap Basis
Name of the Vulnerable Software and Affected Versions: SAP BASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 Description: The issue allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provid...
NFTLoanFacilitator: Insufficient granularity allows for same-term loans to be accepted
Lines of code Vulnerability details Details & Impact It is possible for the calculated interest rate improvement to be zero if the existing interest rate is low enough ≤ 0.9% with 10% improvement rate. In such cases, lenders can compete to continually buyout each other with the same terms. The...
TIBCO Security Advisory: February 15, 2022 - TIBCO BusinessConnect Container Edition -2021-43049
TIBCO BusinessConnect Container Edition username and password leakage Original release date: February 15, 2022 Last revised: --- CVE-2021-43049 Source: TIBCO Software Inc. Products Affected TIBCO BusinessConnect Container Edition versions 1.1.0 and below The following component is affected:...
NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0120)
The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a...
CVE-2020-19265
A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19265
A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19265
The provided documents confirm a stored cross-site scripting (XSS) vulnerability in Dswjcms 1.6.4, specifically in the index.php/Dswjcms/Basis/links component. The root cause is lack of proper validation/escaping of input parameters in that component, enabling attackers to store and execute arbit...
Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084
This attack is ongoing. See the Updates section at the end of this post for new information as it comes to light. On August 25, 2021, Atlassian published details on CVE-2021-26084, a critical remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability...
Weak Password Vulnerability in MX-M316N of Sharp Trading (China) Co.
Sharp Trading China Co., Ltd. is a foreign enterprise that distributes and wholesales household appliances, LCD TVs, air conditioners, cell phones, printers and other products. A weak password vulnerability exists in Sharp Trading China Co. MX-M316N, which can be exploited by attackers to obtain...
Is 85% of US Critical Infrastructure in Private Hands?
Most US critical infrastructure is run by private corporations. This has major security implications, because its putting a random power company in -- say -- Ohio -- up against the Russian cybercommand, which isnt a fair fight. When this problem is discussed, people regularly quote the statistic...
CVE-2020-26974
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...
DEBIAN-CVE-2020-26974
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...