1007 matches found
Loss of funds in an underlying protocol would cause catostrophic loss of funds for swivel
Lines of code Vulnerability details Impact Loss of all user funds Proof of Concept This exploit stems from a quirk in the way that exchange rate is tracked for matured positions. We first need to breakdown how interest is calculate for a matured position. In L124 the yield for a matured position ...
CVE-2022-30591
quic-go through 0.27.0 allows remote attackers to cause a denial of service CPU consumption via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtudiscoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the...
Cannot create short call floorToken option
Lines of code Vulnerability details The solution is not supporting maker shorting a call of N floorToken although platform declare it support all four types: short\long call\put Proof of Concept Exercising an option is done one-sided by the long taker, at this point the floorTokens should be...
CVE-2022-34913
md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input...
PT-2022-3180 · Honeywell · Honeywell Safety Builder +2
Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS Safety Manager versions through 2022-05-06 Description: The issue is related to insufficient verification of data authenticity in the Safety Builder protocol used by Honeywell Experion PKS Safety Manager controllers. Th...
The timestamp of the specified duration is reset after the position is added via stake().
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. I noticed that the stake amount change in stake is +=, which means that the project itself defaults to adding positions at the same duration, but the timestamp of the duration is overwritten by =...
Fixed CVEs in vim: CVE-2022-1927, CVE-2022-1897
CVE-2022-1897: fix substitution which overwrites an allocated buffer - CVE-2022-1927: fix invalid cursor position after '0;' range...
CLSA-2022-1655317609 Fixed CVEs in vim: CVE-2022-1897, CVE-2022-1927
CVE-2022-1897: fix substitution which overwrites an allocated buffer - CVE-2022-1927: fix invalid cursor position after '0;' range...
Approve Returned Value Not Validated
Lines of code Vulnerability details Proof-of-Concept The approve function attempts to performs an ERC20.approve call, but does not check if the returned value is true Succeed or false Failed. Some tokens do not revert if the approval failed but return false instead. / @dev Approve the given...
Did Not Enforce fCash To Be A Component Of SetToken Before Minting
Lines of code Vulnerability details Proof-of-Concept Assume that the manager decided to add a fCash position called "Wrapped fDAI @ 10 October 2022", which will mature at 10 October 2022, to the SetToken. To do so, the manager will call the NotionalTradeModule.mintFCashPosition function. The...
Fixed CVEs in vim: CVE-2022-0319, CVE-2022-1886, CVE-2022-1898, CVE-2022-1851
CVE-2022-0319: correct end of Visual area when entering another buffer - CVE-2022-1851: fix invalid cursor position after text formatting - CVE-2022-1886: fix access before start of text with a put command - CVE-2022-1898: fix using freed memory with 'd'...
CLSA-2022-1654804579 Fixed CVEs in vim: CVE-2022-0319, CVE-2022-1886, CVE-2022-1898, CVE-2022-1851
CVE-2022-0319: correct end of Visual area when entering another buffer - CVE-2022-1851: fix invalid cursor position after text formatting - CVE-2022-1886: fix access before start of text with a put command - CVE-2022-1898: fix using freed memory with 'd'...
CLSA-2022-1654804240 Fixed CVEs in vim: CVE-2022-1851, CVE-2022-1898, CVE-2022-1886, CVE-2022-0319
CVE-2022-0319: correct end of Visual area when entering another buffer - CVE-2022-1851: fix invalid cursor position after text formatting - CVE-2022-1886: fix access before start of text with a put command - CVE-2022-1898: fix using freed memory with 'd'...
jquery-ui: XSS in the 'of' option of the .position() util
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...
Possible to steal collateral during a reentrant collateral transfer
Lines of code Vulnerability details Impact In NFTPair.sol218 an ERC-721 transfer occurs. Anyone who gains execution during this transfer after the owner of the token is changed can steal the token transferred. Note that it will be applicable only if !skim. Since the exploit makes assumptions abou...
CVE-2022-28012
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\positiondelete.php...
CVE-2022-28012
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\positiondelete.php...
CVE-2022-28012
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\positiondelete.php...
CVE-2022-28020
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\positionedit.php...