cause users to revet right after deployment so they cant lend or borrow

Lines of code Vulnerability details Impact because of deployment hasMatured is false mintInternal reverts then cause users' to loose money on gas and users' cant lend which could lead to worse things and cause more attack vectors. Recommended Mitigation Steps check for delay after deployment or g...

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

Talos EMEA monthly update: Business email compromise

The latest edition of the Talos EMEA Monthly Update is available now on Cisco.com and Cisco's YouTube page. You can also view the episode in its entirety above. For June, Hazel and Martin got together to discuss business email compromise. BEC has quickly become the most lucrative attack vector...

Path Traversal in django-s3file

Impact It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWSLOCATION setting...

GHSA-4W8F-HJM9-XWGF Path Traversal in django-s3file

Impact It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWSLOCATION setting...

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from Google, a U.S. company. An attacker could use the vulnerability to gain elevated privileges on the system...

CRI-O 资源管理错误漏洞

CRI-O is a lightweight container runtime environment for Kubernetes systems. CRI-O suffers from a resource management error vulnerability that stems from a lack of size limitations on CRI-O read output. An attacker could create larger output to exploit the vulnerability to affect the availability...

Google Android 资源管理错误漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to gain elevated privileges on the system...

TOTOLINK EX1200T 操作系统命令注入漏洞

TOTOLINK EX1200T is a Wi-Fi range extender from China-based TOTOLINK, and a command injection vulnerability exists in TOTOLINK EX1200T. langType to conduct attacks...

CVE-2022-31461

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message...

Carrier LenelS2 HID Mercury access panels 安全漏洞

Carrier LenelS2 HID Mercury access panels is a controller panel from Carrier, U.S.A. A buffer overflow vulnerability exists in Carrier LenelS2 HID Mercury access panels, which could be exploited by an attacker to send a specially crafted update file to the device, which could cause a buffer...

Microsoft Windows Support Diagnostic Tool 操作系统命令注入漏洞

Microsoft Support Diagnostic Tool MSDT, Microsoft Support Diagnostic Tool is a utility program used to troubleshoot and collect diagnostic data for professionals to analyze and solve problems.Microsoft Office is a popular office software developed by Microsoft Corporation. Microsoft Support...

Phabricator: Deprecated owners.query API bypasses object view policy

The deprecated owners.query API does not check object view policy. A user is able to view some information about an owner package which they do not have permission to see by calling this API. Since the API is deprecated, it could just be removed. Impact An attacker is able to view some informatio...

BathPair.sol#rebalancePair() can be front run to steal the pending rebalancing amount

Lines of code Vulnerability details function underlyingBalance public view returns uint256 uint256 pool = IERC20underlyingToken.balanceOfaddressthis; return pool.addoutstandingAmount; function removeFilledTradeAmountuint256 amt external onlyPair outstandingAmount = outstandingAmount.subamt; emit...

Jfinal CMS SQL注入漏洞

Jfinal CMS is a powerful information consulting website developed by java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originate...

XSS in various backend modules due to (un)escaping in JS notification module

The notification module displaying flash messages unscapes HTML coming from the server, resulting in XSS vulnerabilities with various names and labels of entities eg. workspace title or media title. This however means you must be a logged in user with respective rights in the first place to...

Pion DTLS Header reconstruction method can be thrown into an infinite loop

Impact An attacker can send packets that will send Pion DTLS into an infinite loop when processing. Patches Upgrade to Pion DTLS v2.1.4 Workarounds No workarounds available, upgrade to Pion DTLS v2.1.4 References Thank you to Juho Nurminen and the Mattermost team for discovering and reporting thi...

Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...

Gitea XSS Vulnerability

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

Dolibarr Cross Site Scripting (XSS)

Dolibarr 6.0.4 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...