7764 matches found
Malicious code in xdefi-distribution (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 352ef361ef8485fc98aa4e128cd2942a1de8926508bc3b2f76b0cbbe831ee3af The OpenSSF Package Analysis project identified 'xdefi-distribution' @ 99.9.9 npm as malicious. It is considered malicious because: - The packag...
MAL-2023-1348 Malicious code in xdefi-distribution (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 352ef361ef8485fc98aa4e128cd2942a1de8926508bc3b2f76b0cbbe831ee3af The OpenSSF Package Analysis project identified 'xdefi-distribution' @ 99.9.9 npm as malicious. It is considered malicious because: - The packag...
ExtraordinaryFunding may fail due to a decrease in the treasury funds due to a StandardFunding new distribution round
Lines of code Vulnerability details Impact Users could spend gas and possibly other off chain resources voting on an ExtraordinaryFunding proposal which would later revert when executing. Proof of Concept If an ExtraordinaryFunding proposal requests an amount of tokens between 48.5% and 50% of th...
stake() function: The provided stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. The function allows any owned position NFT to be staked without considering whether the lender has already staked in the pool. This potentially opens up the system to an abuse where a lender stakes multiple NFTs for the same liquidity position.
Lines of code Vulnerability details Impact The current stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. This could lead to an abuse of the system where a lender stakes multiple NFTs for the same liquidity position, potentially earning more rewards...
mint() function: Rogue lenders/attackers could mint multiple/endless position NFTs for their SAME Ajna pool deposits/LPs, when they're supposed to be able to mint only one position NFT per lender per LP per pool.
Lines of code Vulnerability details Impact The current implementation of the mint function allows a lender to mint multiple position NFTs for the same Ajna pool deposit. This could lead to an inflation of NFTs and potentially disrupt the system's reward distribution, as the lender could stake the...
SUSE CVE-2023-2253
A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive strin...
SUSE-SU-2023:2153-1 Security update for docker-distribution
This update for docker-distribution fixes the following issues: - CVE-2023-2253: Catalog Endpoint can lead to OOM by user input bsc1207705...
Cyberpress Launches Cybersecurity Press Release Distribution Platform
By Cyberpress Dubai / May 1st 2023 / Cyberpress -- Cybersecurity gets a new dedicated newswire. Cyberpress, a press release… This is a post from HackRead.com Read the original post: Cyberpress Launches Cybersecurity Press Release Distribution Platform...
Moderate: Red Hat Security Advisory: krb5 security, bug fix, and enhancement update
An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Distribution security vulnerability
Distribution is Distribution's individual developer's toolset for packaging, shipping, storing, and delivering content. A security vulnerability exists in Distribution that stems from allowing a malicious user to submit unreasonable values, resulting in the allocation of large arrays of strings...
Mitigation of M-12: Issue NOT mitigated
Mitigated issue M-12: No slippage protection on stake in SafEth.sol There were issues with either a lack of slippage protection or a hard set slippage. Slippage protection was missing in deposit for Reth.deposit only if depositing in the Rocket Pool and in Reth.withdraw, as well as in stake becau...
Mitigation of M-11: Issue not mitigated, mitigation error
MITIGATION IS NOT CONFIRMED Mitigation of M-11: Issue not mitigated, mitigation error Link to Issue: code-423n4/2023-03-asymmetry-findings152 Comments Even though the sponsor followed the warden's recommendation in issue M-11, I don't think the proposed change properly...
[SECURITY] [DSA 5396-2] evolution update
------------------------------------------------------------------------- Debian Security Advisory DSA-5396-2 [email protected] https://www.debian.org/security/ Alberto Garcia May 04, 2023 https://www.debian.org/security/faq -...
Google takes CryptBot to the wood shed
Google is in the midst of a legal campaign designed to take down the creators of a very persistent piece of malware called CryptBot. This malware, which Google claims compromised roughly 670k computers, set about infecting users of the Chrome browser. Unfortunately for the malware campaign...
Managed Detection and Response in 2022
Kaspersky Managed Detection and Response MDR is a service for 24/7 monitoring and response to detected incidents based on technologies and expertise of Kaspersky Security Operations Center SOC team. MDR allows detecting threats at any stage of the attack – both before anything is compromised and...
Debian: Security Advisory (DSA-5394-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-setuptools (FEDORA-2023-9992b32c1f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers
Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not...