First depositor can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept In Pair.add, the amount of LP token...

PT-2022-14748 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: A side channel information disclosure issue exists in the WifiManager.java file, specifically in the registerLocalOnlyHotspotSoftApCallback function. This issue could allow an attacker to determine...

Design/Logic Flaw

Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...

Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages

NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted in over 144,000 packages being published by unknown threat actors. "The packages were part of a new attack vector, with attackers spamming the open source ecosystem with packages containing links to phishing...

CVE-2022-23507 Light client verification not taking into account chain ID

Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...

Tendermint light client verification not taking into account chain ID

Impact Anyone using the tendermint-light-client and related packages to perform light client verification e.g. IBC-rs, Hermes. At present, the light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that stems from insufficient policy enforcement in DevTools. An attacker convinces users to install malicious extensions in order to bypass navigation restrictions via a crafted Chrome extension...

Cross site scripting

useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...

CVE-2022-45399

A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

CVE-2022-40735

CVE-2022-40735 describes a Diffie-Hellman Key Agreement Page vulnerability: long exponents may lead to expensive DHE modular-exponentiation and potential server-side resource consumption. The issue is tied to exponent size under subgroup constraints, with applicability depending on protocol (e.g....

Buyers unused ETH funds can be stolen (Direct theft of funds)

Lines of code Vulnerability details Impact The protocol has recognized the need to track buyers ETH in order to refund unused ETH by implementing the returnDust function and setupExecution modifier. The implementation creates an attack vector that allows the seller to steal the unused ETH...

SpigotedLineLib::trade won’t work with tokens with approval race protection (USDT)

Lines of code Vulnerability details Proof of Concept Some tokens e.g. USDT, KNC do not allow approving an amount M 0 when an existing amount N 0 is already approved. This is to protect from an ERC20 attack vector described here. The problem is the code in trade is the following...

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-...

Microsoft Excel 安全漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A remote code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute code on the target host...

The pledge creators might lose all of their funds by recoverERC20().

Lines of code Vulnerability details Impact There is a recoverERC20 function to withdraw ERC20 tokens from the contract. Currently, it checks if the token isn't an active reward token but it can be passed easily if the admin removes the reward token using removeRewardToken. So if the admin removes...

GHSA-QM95-PGCG-QQFQ Insufficient validation when decoding a Socket.IO packet

Due to improper type validation in the socket.io-parser library which is used by the socket.io and socket.io-client packages to encode and decode Socket.IO packets, it is possible to overwrite the placeholder object which allows an attacker to place references to functions at arbitrary places in...

Metabase 安全漏洞

Metabase is an open source data analytics platform from Metabase, Inc. in the United States. A security vulnerability exists in Metabase that stems from unsaved SQL queries being executed automatically, which could constitute a possible attack vector...

CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

Beneficiary credit balance can unwillingly be used to mint low tier NFT

Lines of code Vulnerability details Impact In the function processPayment, it will use provided JBDidPayData from JBPaymentTerminal to mint to the beneficiary. The value from JBDidPayData will be sum up with previous credits balance of beneficiary. There are 2 cases that beneficiary credit balanc...

GHSA-2JXX-2X93-2Q2F Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin

Generic Webhook Trigger Plugin 1.84.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. Generic Webhook Trigger Plugin 1.84...