totalBorrows is not deducted properly when Comptroller#healAccount is called

Lines of code Vulnerability details Impact TotalBorrowed in VToken is not accounted properly when healAccount is called. Proof of Concept ComptrollerhealAccount intends to forgive the debt of the account if the debt goes far too underwater. When that happens, the collateral is seized, some of the...

CVE-2023-32212

An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVE-2023-28180

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service...

CVE-2023-28182

The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with...

Denial of service

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service...

CVE-2023-28180

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service...

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

Lines of code Vulnerability details Impact A newly opened position could have its limit fully reduced to zero as soon as the cooldown period has elapsed. Proof of Concept As seen in the function below, a newly opened position with 0 Frankencoin minted could have its limit turn 0 if the function...

Lack of validation in opening positions parameters can lead to critical vulnerabilities at protocol level

Lines of code Vulnerability details Suspicious positions may be denied by voters if they don't seem legit, but over time it is very possible that one of them lands in the protocol, which can involve serious risks. Some attributes may not seem harmful with certain values at first sight, and can le...

[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

Lines of code Vulnerability details Impact Position::withdraw is intended to allow the position owner to withdraw any ERC20 token which might have ended up at position address. If the collateral address is passed as argument then Position::withdrawCollateral is called to perform the necessary...

Challenger incentives can be inflated with external transfers

Lines of code Vulnerability details Impact The function notifyChallengeSucceeded calculates the volume of ZCHF to be repaid, which is then used to calculate the reward for the challenger. The challenger can however artificially inflate this value. A challenger can start a challenge on an...

Challenges can be frontrun with de-leveraging to cause lossses for challengers

Lines of code Vulnerability details Impact Challenges, once created, cannot be closed. Thus once a challenge is created, the challenger has already transferred in a collateral amount and is thus open for losing their collateral to a bidding war which will most likely close below market price, sin...

Sound adjusting of a position could fail

Lines of code Vulnerability details Impact Increasing collateral and decreasing it's liquidation price, such that with new liquidation price and old collateral position is becoming unsound, leads to a revert. Such situation can happen often, imagine position that's fully minted and has market pri...

CVE-2023-29581

yasm 1.3.0.55.g101bc has a segmentation violation in the function deleteToken at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to ...

CVE-2023-1796

A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=saveposition of the component Create News Handler. The manipulation of the argument name with the input alertdocument.cookie...

Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-130)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-130 advisory. Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResourc...

Short positions can be burned while holding collateral

Lines of code Vulnerability details Impact Users can permanently lose a portion of their collateral due to a malicious attacker or their own mistake. Vulnerability Details In the ShortToken contract, adjustPosition is used to handle changes to a short position's short or collateral amounts. The...

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

CVE-2021-46841

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity...

CVE-2021-46841

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity...

K05112543: HTTPS monitor vulnerability CVE-2018-5542

Security Advisory Description F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. CVE-2018-5542 Impact This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with ...