The Liquidity mining callpath sidecar owner can pull native tokens from the Dex
Lines of code. Vulnerability details. Impact: The owner of the liquidity mining sidecar can pull the native coins that are stored in the CrocSwapDex to reward the users. Proof of Concept: The setConcRewards and setAmbRewards functions do not check whether the quoted amount of rewards is actually sent by the...
The protocolCmd is permissionless but does not check whether the user provides native tokens
Lines of code. Vulnerability details. Proof of Concept: Anyone can call protocolCmd, which calls setConcRewards and setAmbRewards to set rewards. LiquidityMiningPath.sol L26-L37: function protocolCmd(bytes calldata cmd) public virtual ... uint8 code, bytes32 poolHash, uint32 weekFrom, uint32 weekTo, uint64...
Fedora: Security Advisory for golang-github-nats-io (FEDORA-2023-f122ea1b3e)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for nats-server (FEDORA-2023-f122ea1b3e)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: nats-server-2.10.1-4.fc38
A high-performance NATS server written in Go and hosted by the Cloud Native Computing Foundation (CNCF)...
[SECURITY] Fedora 38 Update: golang-github-nats-io-1.30.1-3.fc38
Golang client for NATS, the cloud native messaging system...
Remote Code Execution (RCE)
.NET is vulnerable to Remote Code Execution (RCE). The vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when processing a corrupted PDB file, potentially leading to remote code execution...
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IdP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 20...
plantfinder.nativeplanttrust.org Cross-Site Scripting vulnerability OBB-3702662
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The current axelar router's implementation can't interact with any calls that require native tokens
Lines of code. Vulnerability details. Impact: Medium... This completely blocks off users who would need to call a contract and want to pass value to it, since they cannot do this when the functions are not payable. Proof of Concept: See summary. Additionally, take a look at Axelar's Router.sol and s...
The vulnerability of the React Native Bluetooth Scan component of the Bluezone application, which allows an intruder to gain unauthorized access to protected information.
The vulnerability of the React Native Bluetooth Scan component of the Bluezone application’s software interface is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.2...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.22, 7.0.11 ...
All together now: Spring Boot 3.2, GraalVM native images, Java 21, and virtual threads with Project Loom
This has been a very long time coming, but finally we can create GraalVM native images that use Spring Boot 3.2 and Java 21's virtual threads (Project Loom)! Why does all this matter? Each of these individual things, Project Loom and GraalVM native images, offers compelling runti...
Oracle Linux 8 : istio (ELSA-2023-12780)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12780 advisory. - Addresses CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. olcne - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 Tenable has...
Citrix DaaS - The published resource is not available currently. Try again later
After migrating from on-premises to Citrix Cloud, users face issues when launching apps via DaaS, but only via the native CWA. Launching via a web browser works as expected. Users get the error: "Transaction ID: xxxxxxxxxxxxxxxxx The resource is not available at the moment. Please try again later." Issue...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-006)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.26.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-006 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...
DiDi Know Streaming Security Breach
DiDi Know Streaming is a cloud-native Kafka management platform from the China-based company DiDi. A security vulnerability exists in DiDi Know Streaming that stems from an elevation-of-privilege flaw...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
The Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CV...