
324 matches found

Code423n4
added 2021/07/21 12:0 a.m., 6 views

Pools can be created without initial liquidity

Handle cmichel Vulnerability details Vulnerability Details The protocol differentiates between public pool creations and private ones starting without liquidity. However, this is not effective as anyone can just flashloan the required initial pool liquidity, call PoolFactory.createPoolADD, receiv...

AI score 6.9
Exploits: 0

Code423n4
added 2021/06/28 12:0 a.m., 9 views

Unchecked token transfers

Handle Lucius Vulnerability details Impact The functions transferFrom/transfer do not revert on failure and instead simply return false. Without checks on the return values, the transfers could potentially fail silently allowing unexpected issues with certain token pools. E.G. If a user calls depos...

AI score 6.9
Exploits: 0

OSV
added 2021/06/10 11:15 p.m., 1 views

UBUNTU-CVE-2020-23303

There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0...

CVSS 9.8 | AI score 5.8 | EPSS 0.01314
Exploits: 1 | References: 3

Tenable Nessus
added 2021/05/26 12:0 a.m., 76 views

Oracle Linux 8 : httpd:2.4 (ELSA-2021-1809)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1809 advisory. - Resolves: 1677590 - CVE-2018-17199 httpd:2.4/httpd: mod_session_cookie does not respect expiry time - Resolves: 1869075 - CVE-2020-11984 httpd:2.4/http...

CVSS 9.8 | AI score 6.9 | EPSS 0.90485
Exploits: 4 | References: 4

Code423n4
added 2021/04/28 12:0 a.m., 8 views

Incorrect liquidity unit calculation in Utils.sol

Handle 0xRajeev Vulnerability details Impact As per code comments, the calcLiquidityUnits function is supposed to calculate: // units = P t B + T b/2 T B slipAdjustment // P part1 + part2 / part3 slipAdjustment While part1, part2 and part3 are calculated correctly, they are combined as: uint unit...

AI score 7.1
Exploits: 0

Code423n4
added 2021/04/28 12:0 a.m., 9 views

Anyone can curate pools and steal rewards

Handle @cmichelio Vulnerability details Vulnerability Details The Router.curatePool and replacePool don't have any access restriction. An attacker can get a flash loan of base tokens and replace existing curated pools with their own curated pools. Impact Curated pools determine if a pool receives...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2021/03/10 12:0 a.m., 52 views

EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2021-1602)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge...

CVSS 9.8 | AI score 6.8 | EPSS 0.90485
Exploits: 4 | References: 4

Citrix
added 2020/11/25 12:0 a.m., 5 views

ADM - Failed to allocate requested capacity for MPX/SDX or VPX to create in SDX

When multiple pools of licenses (Bandwidth/instance) are purchased at different points in time, the Service agreement (SA) date and expiration date are different, causing each pool of licenses to be recognized as separate on Citrix ADM, instead of one combined pool of licenses. This sometimes may caus...

AI score 6.9
Exploits: 0

Tenable Nessus
added 2020/11/20 12:0 a.m., 74 views

Amazon Linux 2 : httpd (ALAS-2020-1490)

The version of httpd installed on the remote host is prior to 2.4.46-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1490 advisory. Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE A flaw was found in Apache httpd in...

CVSS 9.8 | AI score 6.7 | EPSS 0.90485
Exploits: 4 | References: 7

Openbugbounty
added 2020/11/04 7:40 p.m., 7 views

london-pools.com Cross Site Scripting vulnerability OBB-1484247

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0

RedHat Linux
added 2020/11/04 1:30 a.m., 4 views

libvirt: Potential denial of service via active pool without target path

A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection...

CVSS 6.5 | AI score 7.1 | EPSS 0.02363
Exploits: 1 | References: 4

CNVD
added 2020/10/28 12:0 a.m., 5 views

Microsoft SharePoint Access Control Error Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

CVSS 8.6 | AI score 7.1 | EPSS 0.70985
Exploits: 5 | References: 1

CNVD
added 2020/10/12 12:0 a.m., 3 views

Unauthorized Access Vulnerability in Alibaba Druid Monitor

Druid is a JDBC component library, including database connection pools, SQL Parser and other components. An unauthorized access vulnerability exists in Alibaba Druid Monitor, which can be exploited by an attacker to obtain sensitive information...

AI score 7.4
Exploits: 0

Veracode
added 2020/10/01 3:50 a.m., 34 views

Denial Of Service (DoS)

libvirt is vulnerable to denial of service. A potential application crash can occur via active pools that are created without a target path...

CVSS 6.5 | AI score 2.8 | EPSS 0.02363
Exploits: 1 | References: 15 | Affected Software: 1

RedHat Linux
added 2020/09/29 7:54 p.m., 1 views

libvirt: Potential denial of service via active pool without target path

A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection...

CVSS 6.5 | AI score 7.1 | EPSS 0.02363
Exploits: 1 | References: 4

Tenable Nessus
added 2020/09/29 12:0 a.m., 45 views

EulerOS Virtualization for ARM 64 3.0.6.0 : mod_http2 (EulerOS-SA-2020-2016)

According to the version of the mod_http2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have writt...

CVSS 5.9 | AI score 6.7 | EPSS 0.13436
Exploits: 0 | References: 2

Tenable Nessus
added 2020/09/29 12:0 a.m., 58 views

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-2018)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984) - Apache HTTP Server...

CVSS 9.8 | AI score 6.8 | EPSS 0.90485
Exploits: 4 | References: 4

Tenable Nessus
added 2020/09/17 12:0 a.m., 107 views

Amazon Linux 2 : mod_http2 (ALAS-2020-1493)

The version of mod_http2 installed on the remote host is prior to 1.15.14-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1493 advisory. Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 reque...

CVSS 7.5 | AI score 6.7 | EPSS 0.89744
Exploits: 2 | References: 5

CNVD
added 2020/09/09 12:0 a.m., 1 views

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2020-63728)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

CVSS 9.9 | AI score 8 | EPSS 0.01954
Exploits: 0 | References: 1

Tenable Nessus
added 2020/09/01 12:0 a.m., 63 views

Debian DSA-4757-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2020-1927 Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect. - CVE-2020-1934 Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a...

CVSS 9.8 | AI score 7.5 | EPSS 0.90485
Exploits: 4 | References: 13