User can call getReward multiple times causing 51% attack

Lines of code Vulnerability details Impact The Neo Tokyo staking program operates as follows: The staker is a competitive system where stakers compete for a fixed emission rate in each of the S1 Citizen, S2 Citizen, and LP token staking pools. Stakers "may" choose to lock their assets for some...

[SECURITY] [DSA 5373-1] node-sqlite3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5373-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 14, 2023 https://www.debian.org/security/faq -...

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, t...

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, t...

GHSA-89P3-9J8C-FQH4 Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...

Fedora: Security Advisory for stargz-snapshotter (FEDORA-2023-62ce942e75)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Intel® Distribution for Python 2018 for Windows* Advisory

Summary: A potential security vulnerability in Intel® Distribution for Python IDP 2018 may allow an unprivileged user to escalate privileges via a local vector. Intel is releasing IDP updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12175 Description: Defau...

TicketUtils: Number draws are not uniformly distributed

Lines of code Vulnerability details The number selection algorithm in TicketUtils.reconstructTicket "draws" winning numbers using modulo arithmetic and a random seed. However, selected numbers are not uniformly distributed. Due to modulo bias and successive draw logic, higher numbers will be draw...

Source can change the result of the Lottery

Lines of code Vulnerability details Impact The loss of lottery winnings and incorrect distribution of funds Proof of Concept Reentrancy in Lottery.receiveRandomNumberuint256 src/Lottery.sol203-232: External calls: - winAmountdrawFinalizedselectionSize = drawRewardSizedrawFinalized,selectionSize /...

Some figures are more likely to be drawn

Lines of code Vulnerability details Description The function reconstructTicket generate the winning ticket the from the ramdom number generated by Chainlink VRF V2. The design of this function makes the occurrence of some numbers more likely than others. Impact With the current implementation and...

Debian: Security Advisory (DSA-2104-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1316-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1585-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-259-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1526-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1989-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1751-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1959-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1230-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-264-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...