Lucene search
K

30 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-2373

Malware in sbrugna...

4.3CVSS6.4AI score0.01887EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-3444

Malware in sbrugna...

6.4CVSS6.4AI score0.0288EPSS
Exploits0References7
Code423n4
Code423n4
added 2023/02/15 12:0 a.m.12 views

Slashed amount may not be cover the staker reward payout

Lines of code Vulnerability details Impact Slashed amount may not be cover the staker reward payout Proof of Concept In the current fix, If the staked balance cannot cover the slashed amount, seize the staked balance. Staking staking = StakinggetContractAddress"Staking"; if staking.getGGPStakeown...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/14 12:0 a.m.10 views

Mitigation Confirmed for Mitigation of H-06 Issue mitigated

C4 issue H-06: MinipoolManager: node operator can avoid being slashed Comments In the original implementation, there were a few scenarios where malicious node operators can avoid being slashed. Mitigation PR 41 This PR includes mitigation for various issues H-03, H-06, M-13. Just focusing on the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/13 12:0 a.m.12 views

Deficiency of slashed GGP amount should be made up from node operator's AVAX

Lines of code Vulnerability details Impact If staked GGP doesn't cover slash amount, slashing it all will not be fair to the liquid stakers. Slashing is rare, and that the current 14 day validation cycle which is typically 1/26 of the minimum amount of GGP staked is unlikely to bump into this...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.7 views

Upgraded Q -> 2 from #653 [1675442664703]

Judge has assessed an item in Issue 653 as 2 risk. The relevant finding follows: 1. Funds are locked if Rialto use function finishFailedMinipoolByMultisig Detail Function finishFailedMinipoolByMultisig did not transfer any funds or doing any data change, only updating state of minipool to Finishe...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.15 views

MinipoolManager: node operator can avoid being slashed

Lines of code Vulnerability details Impact When staking is done, a Rialto multisig calls MinipoolManager.recordStakingEnd . If the avaxTotalRewardAmt has the value zero, the MinipoolManager will slash the node operator's GGP. The issue is that the amount to slash can be greater than the GGP balan...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.14 views

Possible to block withdrawal of staked funds after recordStakingEnd or stakingError

Lines of code Vulnerability details Impact Node operators can lose their staked AVAX after stakingEnd or stakingError. Funds will be locked in the Staking contract, but impossible to withdraw. A bad actor does need to supply 1000 AVAX which he gets back and has not have real incentive to do it, b...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.9 views

Malicious user can use previously used nodeID to prevent user(s) from withdrawing minipool funds

Lines of code Vulnerability details In createMinipool, an event is emitted with details of a newly created minipool. This includes relevant information that a subsequent user can utilise to create another minipool.The only condition that prevents a minipool from being created again with the same...

6.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/02 8:51 a.m.6 views

Malicious code in avax-js-cli-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20bcbb8282cba23d9c896b37231cedc6bae3b5042eff2693e1ee677525401345 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/08/02 8:51 a.m.5 views

MAL-2022-1184 Malicious code in avax-js-cli-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20bcbb8282cba23d9c896b37231cedc6bae3b5042eff2693e1ee677525401345 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.13 views

Failed transfer with low level call could be overlooked

Handle harleythedog Vulnerability details Impact In LaunchEvent.sol, the function safeTransferAVAX is as follows: function safeTransferAVAXaddress to, uint256 value internal bool success, = to.callvalue: valuenew bytes0; requiresuccess, "LaunchEvent: avax transfer failed"; This function is utiliz...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.8 views

Wrong token allocation computation for token decimals != 18 if floor price not reached

Handle cmichel Vulnerability details In LaunchEvent.createPair, when the floor price is not reached floorPrice wavaxReserve 1e18 / tokenAllocated, the tokens to be sent to the pool are lowered to match the raised WAVAX at the floor price. Note that the floorPrice is supposed to have a precision o...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/05 12:0 a.m.19 views

MATIC/AVAX and AVAX/MATIC pools

Handle 0x0x0x Vulnerability details The MATIC/AVAX and AVAX/MATIC pools are close to being undercollateralized. Don't fall for the high APR Psyops, always check the collateralization before lending into a pool, otherwise borrowers will default and you will loose your asset --- The text was update...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Avaxswf.dll 1.0.0.1 from Avax Vector ActiveX Arbitrary Data Write

No description provided by source. :. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write ============================================================================ Internal ID: VULWAR20070626...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Avax Vector 1.3 'avPreview.ocx' ActiveX Control Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35583/info Avax Vector is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control typically Internet...

7.1AI score
Exploits0
NVD
NVD
added 2009/07/08 3:30 p.m.15 views

CVE-2009-2377

Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service application crash via a long PrinterName property...

4.3CVSS6.8AI score0.01887EPSS
Exploits1References2
Prion
Prion
added 2009/07/08 3:30 p.m.12 views

Buffer overflow

Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service application crash via a long PrinterName property...

4.3CVSS7.4AI score0.01887EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2009/07/08 3:0 p.m.23 views

CVE-2009-2377

Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service application crash via a long PrinterName property...

6.8AI score0.01887EPSS
Exploits1References2
CVE
CVE
added 2009/07/08 3:0 p.m.38 views

CVE-2009-2377

The CVE-2009-2377 entry concerns the AVAX-software Avax Vector ActiveX 1.3 with the ActiveX control avPreview.ocx. A buffer overflow can be triggered in the PrinterName property, allowing remote attackers to cause a denial of service (application crash). Affected component: Avax Vector ActiveX 1....

4.3CVSS7AI score0.01887EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder