110 matches found
Malicious code in abina-amugmi-amm (npm)
Source: amazon-inspector 3f5f0c46f9886f2bb5d1f446801b932f1a5c1b9e0de8c3323a2d3110d73af162 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2020-29206
Malware in sbrugna...
EUVD-2010-2658
Malware in sbrugna...
EUVD-2010-1487
Malware in sbrugna...
@jup-ag/core (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78), @jup-ag/react-hook (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78) +7 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.63.0 <=1.63.1)
@solana/web3.js NPM version =1.63.0, =3.0.0-beta.0, =3.0.0-beta.0, =0.0.1-0d5b39f4.0, =0.0.1-0f199db9.0, =4.0.0-maple-1, =0.1.0, =1.4.8, =1.0.0, =1.7.1-alpha.4 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
Missing deadline check for AfEth actions
Lines of code Vulnerability details Summary AfEth main actions execute on-chain swaps and lack an expiration deadline, which enables pending transactions to be maliciously executed at a later point. Impact Both AfEth deposits and withdrawals include on-chain swaps in AMM protocols as part of thei...
Attacker can extract value from pool by sandwiching herself at swapAll during close
Lines of code Vulnerability details Attacker can drain the lending pool by leveraging two facts: 1. swapAll allows 1% slippage 2. There is no Health Factor check after close. Alice and Bob are good friends, the steps are in one single tx: 1. Alice deposits 10000 USDT and borrows 7000$ worth of TR...
Improper handling of cases when total supply = 0
Lines of code Vulnerability details Impact Improper handling of cases when total supply = 0 AMM engine may not be started. Proof of Concept Considering if a vault uses Shell as its AMM engine. At the start, the vault has 0 X and Y balance and someone tries to deposit tokens to it, this process will...
AMM's invariant of maximum/minimum slopes is broken
Lines of code Vulnerability details Impact AMM's invariants are broken which might result in stale/unprofitable swaps Proof of Concept the function depositGivenInputAmount is used to preview amount of LP tokens using the function reserveTokenSpecified function reserveTokenSpecified SpecifiedToken...
Swaps affect LP token mint/burn during liquidity addition/removal
Lines of code Vulnerability details Impact The LP token removal/addition forces a recalculation of the bonding curve, and the utility of the curve. The utility curve in proteus looks like the graph below, where the point A represents a certain composition of the pool. If we try to remove add/remo...
The existence of Pump may hinder large swaps or swaps from a low liquidity pool
Lines of code Vulnerability details Impact Large swaps or swaps with low liquidity value may not work properly. Proof of Concept According to the whitepaper, the purpose of the pump is to be a multi-block MEV manipulation resistant to large changes in liquidity value. Since the Well can be create...
Interactions with Pool do not use valid deadlines for operations
Lines of code Vulnerability details Impact Miner can potentially hold the transaction which results in loss of funds for users. Proof of Concept File: TalosBaseStrategy.sol liquidityDifference, amount0, amount1 = nonfungiblePositionManager.increaseLiquidity...
DENIAL OF SERVICE (DoS) WHEN DECREASING THE weight DUE TO UNDERFLOW IN THE UlyssesPool.setWeight FUNCTION
Lines of code Vulnerability details Impact The UlyssesPool.setWeight function is used to update the weight of a particular poolId in the current UlyssesPool. But when the weight of the respective poolId is decreased from the current value, the calculation underflows and thus DoS the reducing of...
Slippage protection minOut autoSwapThreshold is not effective when swapping the token
Lines of code Vulnerability details Impact In the current model, the minimum output minOut amount for the auto-swap is set to match the autoSwapThreshold, which is fixed at 4 CANTO. This configuration might result in potential market risks due to fluctuations in the value of CANTO, potentially...
Security Bulletin: Vulnerability in IBM Advanced Management Module (CVE-2013-4007)
Summary Cross-Site Scripting XSS vulnerability is found in advsw.php page of IBM advanced Management Module. Vulnerability Details Abstract Cross-Site Scripting XSS vulnerability is found in advsw.php page of IBM advanced Management Module. Vulnerability Details: CVE ID: CVE-2013-4007 Description:...
Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in cURL. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in cURL. Vulnerability Details CVEID: CVE-2017-1000254 Description:...
Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in libxml2. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in libxml2. Vulnerability Details CVEID: CVE-2017-8872 Description:...
Security Bulletin: Vulnerabilities in strongswan affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9023, CVE-2017-9022)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in strongswan. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in strongswan. Vulnerability Details CVEID: CVE-2017-9023...
Security Bulletin: Vulnerabilities in ntp, libxml2, openssh, sqlite and python-base affect IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2016-4953 Description: NTP is vulnerable ...
Security Bulletin: Vulnerability in apache affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-2161)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in apache. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in apache. Vulnerability Details CVEID: CVE-2016-2161 Description:...