CVE-2022-1623

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tiflzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa...

CVE-2022-23677

CVE-2022-23677 concerns ArubaOS-Switch devices where NanoSSL misuse across multiple interfaces enables remote code execution. Affected are ArubaOS-Switch 15.xx.xxxx (all versions); 16.01.xxxx through 16.11.xxxx with various sub-versions listed (e.g., 16.02.xxxx: K.16.02.0033 and below; 16.08.xxxx...

sendToCosmos doesn't consider the ERC20 transfer fee, resulting in incorrect amount of ERC20 token

Lines of code Vulnerability details Impact Some ERC tokens have a fee on each transfer. The protocol doesn’t handle the fee when transferring this kind of ERC20 tokens, leading to the inconsistent amount of token actually received in the contract. Validators on the Cudos will mint more tokens to...

Lender can immediately liquidate valued Collateral in NFTPairWithOracle contract

Lines of code Vulnerability details Impact A lender can liquidate a borrower's collateral immediately by calling updateLoanParams in the NFTPairWithOracle contract where the ltvBPS for the params struct is set to 0. This bypasses the checks to make sure that the terms are favourable to the...

Lack of safeApprove(0) prevents some registrations, and the changing of stakers and LP tokens

Lines of code Vulnerability details OpenZeppelin's safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value function safeApprove IERC20 token, address spender, uint256 value internal // safeApprove should only be called when setting an initi...

WordPress plugin SP Project & Document Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress SP Project...

kardianos service 代码问题漏洞

kardianos service is a tool for running go programs as services. A code issue vulnerability exists in kardianos service, which stems from servicewindows.go omitting references that are sometimes required to execute the Windows service executable from the expected directory...

Git Lfs 代码问题漏洞

Git Lfs is a command line tool from the Git Lfs team for working with large files in git projects. A code issue vulnerability exists in Git Lfs that allows an attacker to execute arbitrary code...

rainloop -- cross-site-scripting (XSS) vulnerability

Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...

Ghost CMS 代码问题漏洞

Ghost CMS is an open source headless content management system CMS written in JavaScript from the Ghost Foundation in Singapore. A code issue vulnerability exists in Ghost v4.39.0 that allows an attacker to execute arbitrary code via a crafted SVG file...

NonCustodialPSM.mint and redeem using mint control buffer in the inverted way

Lines of code Vulnerability details Impact Now there is no control of VOLT's issuance. For example, super fast VOLT mining is allowed, while mint control buffer will sit capped at its bufferCap, not affecting anything. This way mint speed control is disabled. The issue is that NonCustodialPSM.min...

Precision loss

Lines of code Vulnerability details Impact In line 729 of HolyPaladinToken.sol a huge precision loss occurs if dropDecreaseDuration is not a multiple of MONTH. In its current implementation dropDecreaseDuration / MONTH will get rounded down, which means that dropDecreaseDuration of 1 month and 29...

Checkmk 代码问题漏洞

Checkmk is an editor. A code issue vulnerability exists in CheckMK Enterprise Edition that stems from a successful exploit requiring access to the web administration interface using valid credentials or by hijacking the session of a user with the administrator role...

Incorrect strike price displayed in name/symbol of qToken

Lines of code Vulnerability details Impact slice in options/QTokenStringUtils.sol cut a string into stringstart:end However, while fetching bytes, it uses bytessstart+1 instead of bytessstart+i. This causes the return string to be composed of sstartend-start. The result of this function is then...

CVE-2022-26148

Grafana (through 7.3.4) integrated with Zabbix contains a credentials disclosure flaw: the Zabbix password and URL can be exposed by inspecting api_jsonrpc.php in the HTML source after login/registration, enabling an attacker with access to the app to obtain sensitive Zabbix credentials. Root cau...

UA-Nodeset 代码问题漏洞

UA-Nodeset is a UA node set from the OPC Foundation of America. A code issue vulnerability exists in OPC UA-Nodeset version 1.05.01-2022-02-24 and all previous versions, which stems from the automatically generated ANSI C heap store not handling all error cases...

First user can prevent later users receiving collateral shares

Lines of code Vulnerability details Impact All users after the first the attacker will receive no collateral shares in return for their deposit, losing their tokens. Proof of Concept On the first mint of Collateral tokens the amount to be minted is equal to the amount of tokens deposited, on late...

CVE-2021-39693

In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2021-39695

In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

Horde Webmail 5.2.22 - Account Takeover via Email

Horde Webmail is a free, enterprise-ready, and browser-based communication suite developed by the Horde project. It is a popular webmail solution for universities and government agencies to exchange sensitive email messages on a daily basis. It is also shipped as part of the popular hosting...