cause users to revet right after deployment so they cant lend or borrow

Lines of code Vulnerability details Impact because of deployment hasMatured is false mintInternal reverts then cause users' to loose money on gas and users' cant lend which could lead to worse things and cause more attack vectors. Recommended Mitigation Steps check for delay after deployment or g...

FacturaScripts 跨站脚本漏洞

FacturaScripts is an ERP software. A cross-site scripting vulnerability exists in versions prior to facturascripts 2022.06, which stems from a lack of filename validation, and can be exploited by an attacker to upload a svg file resulting in a cross-site scripting attack...

CVE-2022-24278

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

convert-svg 路径遍历漏洞

convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.4 that stems from improper cleaning of SVG tags...

Talos EMEA monthly update: Business email compromise

The latest edition of the Talos EMEA Monthly Update is available now on Cisco.com and Cisco's YouTube page. You can also view the episode in its entirety above. For June, Hazel and Martin got together to discuss business email compromise. BEC has quickly become the most lucrative attack vector...

Directory Traversal

Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted...

GHSA-4W8F-HJM9-XWGF Path Traversal in django-s3file

Impact It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWSLOCATION setting...

Path Traversal in django-s3file

Impact It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWSLOCATION setting...

Arbitrary Code Injection

Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then...

Google Android 资源管理错误漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to gain elevated privileges on the system...

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from Google, a U.S. company. An attacker could use the vulnerability to gain elevated privileges on the system...

CRI-O 资源管理错误漏洞

CRI-O is a lightweight container runtime environment for Kubernetes systems. CRI-O suffers from a resource management error vulnerability that stems from a lack of size limitations on CRI-O read output. An attacker could create larger output to exploit the vulnerability to affect the availability...

TOTOLINK EX1200T 操作系统命令注入漏洞

TOTOLINK EX1200T is a Wi-Fi range extender from China-based TOTOLINK, and a command injection vulnerability exists in TOTOLINK EX1200T. langType to conduct attacks...

CVE-2022-31461

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message...

CVE-2022-1982

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post...

Carrier LenelS2 HID Mercury access panels 安全漏洞

Carrier LenelS2 HID Mercury access panels is a controller panel from Carrier, U.S.A. A buffer overflow vulnerability exists in Carrier LenelS2 HID Mercury access panels, which could be exploited by an attacker to send a specially crafted update file to the device, which could cause a buffer...

PT-2022-5078 · Adobe · Indesign

Name of the Vulnerable Software and Affected Versions: Adobe InDesign versions 16.4.2 and earlier Adobe InDesign versions 17.3 and earlier Description: The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitati...

PT-2022-14234 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.6.0 and earlier Description: The issue allows an authenticated attacker to crash the server by exploiting uncontrolled resource consumption via a crafted SVG attachment on a post. Recommendations: For Mattermost versions...

Mattermost 资源管理错误漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. A resource management error vulnerability exists in versions prior to Mattermost 6.6.0, which stems from uncontrolled consumption of resources and can be exploited by an attacker to crash the server via a specially crafted...