Hands on Review: LayerX's Enterprise Browser Security Extension
The browser has become the main work interface in modern enterprises. It's where employees create and interact with data, and how they access organizational and external SaaS and web apps. As a result, the browser is extensively targeted by adversaries. They seek to steal the data it stores and u...
Lack of functionality to distribute the yield to the USDe stakers.
Lines of code Vulnerability details Impact The user will not get the benefit of the yield that is the output of their USDe staking. Yield is the core feature of staking, so we are submitting this as high. Proof of Concept A user who is not blacklisted is allowed to stake their USDe by calling...
Vesting amount is calculated incorrectly in StakedUSDe contract
Lines of code Vulnerability details Description The description says vestingAmount is the contract balance + any unvested remainder at that time but it is set incorrectly in the code. /// @notice The amount of the last asset distribution from the controller contract into this /// contract + any...
Replay exploitation in StakedUSDeV2's unstake function
Lines of code Vulnerability details Impact The vulnerability in the unstake function of the StakedUSDeV2 contract allows the receiver to claim assets without considering the specific round from which they should receive the assets. The receiver can claim assets from a different round than intende...
Stakers can withdraw rewards without waiting for the vesting period
Lines of code Vulnerability details Impact Stakers can front-run a reward-giving transaction by monitoring the mempool for the function transferInRewards, staking before it, and then unstaking afterwards to collect the rewards, if the cooldown is off. Proof of Concept Imagine a scenario where the cooldown peri...
The vulnerability of the Python programming language distribution Anaconda lies in the ability to write files in the anaconda3 directory, which allows a malicious actor to trigger a service failure.
The vulnerability of the Python Anaconda distribution relates to the ability to write files in the anaconda3 directory. For example, it is possible to modify the cacert.pem file used by the installed pip package. Exploiting this vulnerability could allow a perpetrator to cause a service failure...
Number withdrawn
XAMPP is an easy-to-install Apache distribution with MariaDB, PHP, and Perl. The product is primarily used for building web servers. This CVE number is withdrawn...
The vulnerability of the Access Control List (ACL) management mechanism in the Synapse home server allows a perpetrator to trigger a service failure.
The vulnerability of the Access Control List (ACL) management mechanism in the Synapse home server is related to the unrestricted and unregulated distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2023-36085
The sisqualWFM 7.1.319.103 through 7.1.319.111 for Android has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to...
M-05 Unmitigated
Lines of code Vulnerability details Mitigation of M-05: Issue NOT mitigated Mitigated issue M-05: Reward sandwiching in VotiumStrategy The issue was that exposure to the benefits of the VotiumStrategy might be unfairly time-weighted. There were two aspects mentioned: voting power and rewards. I d...
CVE-2023-26219
The CVE-2023-26219 issue affects TIBCO Hawk family components: TIBCO Hawk, Hawk Distribution for Silver Fabric, Operational Intelligence Hawk RedTail, and Runtime Agent. The vulnerability allows an attacker who can read the Hawk Console/Agent logs to obtain credentials used to access EMS servers....
[SECURITY] Fedora 37 Update: fbthrift-2023.10.16.00-1.fc37
Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thrift for RPC, and some storage systems use Thrift for serializin...
CVE-2023-36085
The CVE-2023-36085 issue affects SISQUAL WFM versions 7.1.319.103 through 7.1.319.111, where a Host Header Injection vulnerability exists in the "/sisqualIdentityServer/core/" endpoint. By manipulating the HTTP Host header, an attacker can alter webpage links and redirect users to arbitrary or ma...
Debian: Security Advisory (DSA-5531-1)
The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Hackers Exploit QR Codes with QRLJacking for Malware Distribution
By Deeba Ahmed. Researchers report a surge in QR code-related cyberattacks exploiting phishing and malware distribution, especially QRLJacking and Quishing attacks. This is a post from HackRead.com. Read the original post: Hackers Exploit QR Codes with QRLJacking for Malware Distribution...
Debian DSA-5529-1 : slurm-wlm - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5529 advisory. Francois Diakhate discovered that several race conditions in file processing of the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and j...
CVE-2023-42459
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free could...
DEBIAN-CVE-2023-42459
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free could...
Double free
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free could...