OBDA systems Mastro 代码问题漏洞

OBDA systems Mastro is a Java tool for ontology-based data access OBDA from OBDA systems, Italy. A code issue vulnerability exists in OBDA systems Mastro version 1.0. An attacker could use this vulnerability to read system files via a custom DTD...

Issues beyond expected behavior.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. function unstakeuint256 amount external override nonReentrant whenNotPaused requireamount != 0, 'stake amount cant be 0'; uint256 noVesting = userstakedAmountsmsg.senderDuration.NONE.amount; uint256...

Wrong Deadline

Lines of code Vulnerability details the deadline is the timestamp after which the transaction will revert. the goal of this field is that the caller can set a deadline for the transaction so the transaction will not succeed in any arbitrary time in the future, and after this deadline, they can...

The withdrawal safety check in _withdrawSome() seems unreasonable

Lines of code Vulnerability details Impact The withdrawal safety check in seems unreasonable. Proof of Concept I don’t understand why max = amount99.8% need to be confirmed. max should be larger than amount. And amount function withdrawSomeuint256 amount internal override returns uint256 uint256...

Heap-based Buffer Overflow in function get_lisp_indent

Description Heap-based Buffer Overflow in function getlispindent at indent.c:1994 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochbo2s.dat -...

Integer overflow can affect router balances

Lines of code Vulnerability details Impact Integer overflow can affect router balances. Proof of Concept The repayAavePortal method of the PortalFacet contract subtracts the balance within an unchecked region, but this balance is not checked beforehand to be greater than the amountIn. unchecked...

Upgraded Q -> M from 182 [1655245716777]

Judge has assessed an item in Issue 182 as Medium risk. The relevant finding follows: L-Can send ETH more than buyOption premium required Link. requiremsg.value = premium should be requiremsg.value == premium to prevent user send too much eth. Only beneficiary benefit from this. Contract should...

Samsung Internet 代码问题漏洞

Samsung Internet is a mobile application from Samsung South Korea. Samsung Internet version 17.0.1.69 has a code issue vulnerability that can be exploited by attackers to spoof the address bar by executing a script...

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

An "aggressive" advanced persistent threat APT group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attack...

Rewards can be locked in Bribe contract because distributing them is depend of base token reward amount and Gauge.deliverBribes() is not get called always by Voter.distribute()

Lines of code Vulnerability details Impact Voter.distribute calls Gauge.deliverBribes if claimablegauge / DURATION 0 was True and claimablegauge shows base token rewards for gauge. Gauge.deliverBribes calls Bribe.deliverReward which transfers the rewards to Gauge. so for Bribe rewards to been...

Repeated calls to deliverBribes() risks draining bribe of assets into Gauge

Lines of code Vulnerability details Impact Funds drain from Bribe prematurely with repeated calls to deliverBribes Proof of Concept Calling deliverBribes calls deliverRewards which transfers the amount specified as the rewards due and sends to gauge. Repeated calls to deliverBribes makes repeated...

Anyone can cancel orders from the router and get the tokens

Lines of code Vulnerability details Impact Anyone can cancel orders from the router and get the tokens Proof of concept -A user makes a WETH order from the router -Any attacker can call the cancel function with the order ID and get all the unfilled funds from the order Basically orders in the...

VotingEscrow's merge and withdraw aren't available for approved users

Lines of code Vulnerability details Users who are approved, but do not own a particular NFT, are supposed to be eligible to call merge and withdraw from the NFT. Currently burn, used by merge and withdraw to remove the NFT from the system, will revert unless the sender is the owner of NFT as the...

多款Keysight Technologies产品代码问题漏洞

Keysight Technologies N6854A Geolocation server and Keysight Technologies N6841A RF Sensor are both products of Keysight Technologies, Inc.Keysight Technologies Keysight Technologies N6854A Geolocation server is a geolocation server.Keysight Technologies N6841A RF Sensor is an RF sensor. It is us...

How Secrets Lurking in Source Code Lead to Major Breaches

If one word could sum up the 2021 infosecurity year well, actually three, it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we hav...

Quick Heal 代码问题漏洞

Quick Heal is an antivirus software from Quick Heal that provides IT security solutions for your PC, Mac, phone, tablet and corporate network. A code issue vulnerability exists in versions prior to Quick Heal Total Security 12.1.1.27, which stems from a lack of privilege control during applicatio...

Oracle Linux 8 : python3 (ELSA-2022-1986)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1986 advisory. - Security fix for CVE-2021-4189: ftplib should not use the host from the PASV response Resolves: rhbz2036020 Tenable has extracted the preceding...

Loss of funds due to beneficiary override to address(0) during transfer

Lines of code Vulnerability details Premiums or proceeds earned after the transfer will accrue to the zero address, instead of to the new vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is overridden to the zero address during transfer: File: Cally.sol...

Fee can possibly be set maliciously

Lines of code Vulnerability details Fee is set by an admin and can be set maliciously to steal the funds that are entitled to go to the user. Impact Fee can be set to a maliciously high value to unfairly extract funds from protocol users. An owner can buy options, set fee to 100% and exercise...

Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding

Withdrawn Advisory This advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the legacy debugger at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a supported ecosystem. Original Descriptio...