Lucene search
+L

244 matches found

cnnvd
cnnvd
added 2023/03/06 12:0 a.m.5 views

Mastodon 安全漏洞

Mastodon is an open source social networking server based on ActivityPub. A security vulnerability exists in Mastodon version 3.5.x prior to 3.5.3, which originates from a delegate account that is not using the server and is vulnerable to information disclosure...

4.3CVSS5.1AI score0.00685EPSS
Exploits1References5
susecve
susecve
added 2023/02/15 6:19 a.m.7 views

SUSE CVE-2005-0036

The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop...

5CVSS6.7AI score0.02668EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 4:39 a.m.3 views

SUSE CVE-2017-14624

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c...

9.8CVSS9.2AI score0.03175EPSS
Exploits0References3
code423n4
code423n4
added 2023/02/03 12:0 a.m.19 views

Potential DOS in Contract Inheriting UUPSUpgradeable.sol

Lines of code Vulnerability details Impact There is a contract which inherit UUPSUpgradeable.sol, namely; Managed.sol . The contract is deployed using a proxy pattern whereby the implementation contract is used by the proxy contract for all its logic. The proxy contract will make delegate calls t...

7.3AI score
Exploits0
code423n4
code423n4
added 2022/11/14 12:0 a.m.9 views

Reentrancy attack on fee transferring

Lines of code Vulnerability details Vulnerability details Description There is execute function in the Exchange smart contract. The function matches two orders, ensuring the validity of the match, transfers the order fees, etc. When transferring fees, the contract just makes a call to the...

7.3AI score
Exploits0
code423n4
code423n4
added 2022/11/09 12:0 a.m.5 views

ERC20 and ETH might be returned back to the wrong originator

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Assume the address of erc20EnabledLooksRareAggregator was maliciously changed to fakeerc20EnabledLooksRareAggregator during an execution of LooksRareAggregator.execute then, the malicious user might for...

7.1AI score
Exploits0
code423n4
code423n4
added 2022/10/25 12:0 a.m.8 views

_payoutToken() breaks if tokenAddress is USDT - for Ethereum contracts.

Lines of code Vulnerability details If USDT is used for a sale at some point - either through a direct sale on the NFT collection, or sent to the collection from a marketplace sale - it will remain in the contract, as getTokenPayoutaddressUSDT calls systematically revert: on Ethereum, USDT.transf...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/10/23 12:0 a.m.11 views

NFT not minted when contributed via a supported payment terminal

Lines of code Vulnerability details Impact A contributor won't get an NFT they're eligible for if the payment is made through a payment terminal that's supported by the project but not by the NFT delegate. Proof of Concept A Juicebox project can use multiple payment terminals to receive...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/10/12 12:0 a.m.10 views

Using ifAdmin modifier to forcefully interact with implementation contracts via _fallback() call.

Lines of code Vulnerability details Impact The modifier ifAdmin allows internal delegation to the implementation contract if caller is not admin by calling the fallback function which delegates the current call to implementation. This allows a user who is not admin to call to make a transaction...

6.8AI score
Exploits0
cnnvd
cnnvd
added 2022/09/24 12:0 a.m.6 views

Hyperledger Besu 安全漏洞

Hyperledger Besu is an open source application from Hyperledger. It is used to run, maintain, debug and monitor nodes in the Ethernet network. A security vulnerability exists in Hyperledger Besu versions prior to 22.1.3 through 22.7.1, which stems from an error in its 32-bit signed and unsigned...

9.1CVSS8.3AI score0.00868EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/09/23 12:0 a.m.10 views

PT-2022-23124 · Besu · Besu

Name of the Vulnerable Software and Affected Versions: Besu versions 22.1.4 through 22.7.0 Description: The issue is related to an incorrect conversion between numeric types in the calculation of available gas in CALL operations, including DELEGATECALL. This results in incorrect gas being passed...

9.1CVSS9.3AI score0.00868EPSS
Exploits0References6
code423n4
code423n4
added 2022/09/15 12:0 a.m.10 views

Overflow on _moveDelegateVotes function

Lines of code Vulnerability details Impact A malicious actor can overflow his number of votes Proof of Concept 0. Alice and Kane each have an NFT token 1. Alice uses delegate function to delegate the vote to Kane 2. Kane uses transferFrom to transfer his token to the address Alice 3. Alice uses...

7.2AI score
Exploits0
code423n4
code423n4
added 2022/09/15 12:0 a.m.6 views

Its possible to underflow votes using delegate and delegateBySig on ERC721Votes.sol

Lines of code Vulnerability details Impact Is possible to generate an underflow on ERC721Votes.solL216 mainly because its wrapped in an unchecked bracked. prevTotalVotes could be lower than amount so this will generate and underflow; writeCheckpointfrom, nCheckpoints, prevTotalVotes, prevTotalVot...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/09/15 12:0 a.m.12 views

User can generate unlimited votes through faulty transfer logic

Lines of code Vulnerability details Impact When tokens are transferred from one user to another, votes should be moved from the delegatee of the sender to the delegatee of the receiver. Instead, they are transferred from the sender to the receiver. Because the moveDelegateVotes function is...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/08/27 12:0 a.m.34 views

Inconsistent implementation of delegate and delegateBySig leads to inconsistent checkpoints and numCheckpoints modification.

Lines of code Vulnerability details Impact User can delegate to delegatee by calling delegeate and if the parameter delegatee is address0, it will be replaced with the msg.sender. function delegateaddress delegatee public if delegatee == address0 delegatee = msg.sender; return delegatemsg.sender,...

7AI score
Exploits0
code423n4
code423n4
added 2022/08/15 12:0 a.m.9 views

Functions quitLock and delegate fundamentally change game theory of VoteEscrow

Lines of code Vulnerability details Impact Without delegation it is not possible to remove voting power before the end of a lock. Function quitLock now makes this possible, but it does not just affect the user who quits the lock. Any votes that are delegated to them are temporarily lost from the...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/08/07 12:0 a.m.11 views

[H3] Persisted msg.value in a loop of delegate calls can be used to drain ETH from your proxy

Lines of code Vulnerability details Impact msg.value in a loop can be used to drain proxy funds PoC While BoringBatchable is out of the scope, this bug affects seriously MIMOProxy as it inherits. Some time ago I read a report about an auditor called samczsung . I believe that you are having the...

6.6AI score
Exploits0
code423n4
code423n4
added 2022/08/07 12:0 a.m.14 views

Double spend in execute function from the MIMOProxy

Lines of code Vulnerability details There is batch function in MIMOProxy smart contract. The function is inherited from the BoringBatchable contract. The function accept an array of bytes - call parameters, and do delegate call to addressthis for each of the call parameters. There also is execute...

7.1AI score
Exploits0
code423n4
code423n4
added 2022/08/07 12:0 a.m.5 views

[H1] MIMOProxy can be PWNED by malicious delegate call

Lines of code Vulnerability details Impact PBR proxy owner change protection can bypassed / DoS PoC PRBProxy has a protection to prevent malicious delegatecall to overwrite owner. function executeaddress target, bytes calldata data public payable override returns bytes memory response ... ... //...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/08/07 12:0 a.m.16 views

Overwriting storage slots in MIMOProxy

Lines of code Vulnerability details Impact The MIMOProxy allows you to delegate a call to another contract from a permission of owner. With a delegate call, the entire storage layout is kept the same as it is on MIMOProxy. It means that if the delegate call will be made for smart contract with...

6.7AI score
Exploits0
Rows per page
Query Builder