No need to stack lend pool to take lendlaunger rewards

Lines of code Vulnerability details Impact Lending lenger give reward tokens to users if they lend their tokens to selected pools. Lendingledger give rewards as weekly and it records user's balance until end of the weekespacially thursday because 1 jan 1970 was thursday. But protocol records can ...

Sencond hand Delegatee can Withdraw before owner undelegates

Lines of code Vulnerability details Impact When an original depositor delegates to another address, the new address can call withdraw before the delegator undelegates. Proof of Concept requirelocked.amount 0, "No lock"; requirelocked.end Attack Scenerio: 1. When an original depositor creates a...

CVE-2023-24015 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on...

Debian dla-3523 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3523 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3523-1 [email protected]...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2023:3228-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3228-1 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to...

Siemens RUGGEDCOM ROS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

​Siemens Software Center

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

Siemens SIMATIC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Rocky Linux 8 : thunderbird (RLSA-2023:4497)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4497 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document fil...

Rocky Linux 9 : firefox (RLSA-2023:4462)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4462 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of...

Mozilla: Crash in DOMParser due to out-of-memory conditions

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations...

Mozilla: Incorrect value used during WASM compilation

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process...

Mozilla: Crash in DOMParser due to out-of-memory conditions

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations...

Mozilla: Crash in DOMParser due to out-of-memory conditions

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations...

Mozilla: Incorrect value used during WASM compilation

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process...

Mozilla: Incorrect value used during WASM compilation

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process...

F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2023-82301)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to steal a victim's cookie-bas...

PT-2023-28055 · Dedebiz · Dedebiz

Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.2.10 Description: A vulnerability was found in the Article Handler component, which can be exploited to lead to cross site scripting. The attack may be launched remotely. The vendor was contacted early about this disclosure...

Integer overflow

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...

CVE-2023-38698 .eth registrar controller can shorten the duration of registered names

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...