3970 matches found
IndexPool's flashSwap does not transfer tokens before the callback
Handle cmichel Vulnerability details The IndexPool.flashSwap function calls ITridentCallee(msg.sender).tridentSwapCallback(context) before transferring the tokens to the recipient via transfer. Impact It's very important that the tokens are transferred to the caller before the callback. The use-case o...
CLSA-2021-1632262269 Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160
ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head - ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall exit work on badsys CVE-2014-4508 - ELSCVE-844: CVE-2021-3573: Bluetooth: use...
Carefully add tokens to the list that the protocol uses
Handle tensors Vulnerability details Impact As of right now I believe the only outside tokens the protocol uses are DAI, USDC, USDT and WETH. If other tokens are added, make sure to check that they have no callbacks on transfer. For example, CREAM protocol added the AMP token which has a callback...
PT-2021-8177 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the clk component of the Linux kernel, where unbinding a CCU driver unmaps the device's MMIO region but leaves its clocks/resets and their providers registered...
Access restrictions on CompoundToNotionalV2.notionalCallback can be bypassed
Handle cmichel Vulnerability details Vulnerability Details The CompoundToNotionalV2.notionalCallback is supposed to only be called from the verified contract that calls this callback but the access restrictions can be circumvented by simply providing sender = this as sender is a parameter of the...
Access restrictions on NotionalV1ToNotionalV2.notionalCallback can be bypassed
Handle cmichel Vulnerability details Vulnerability Details The NotionalV1ToNotionalV2.notionalCallback is supposed to only be called from the verified contract that calls this callback but the access restrictions can be circumvented by simply providing sender = this as sender is a parameter of th...
Possible reentrancy in balanceOf, decimals, mint
Handle tensors Vulnerability details Impact Registering tokens that aren't properly vetted can lead to a loss of funds if the token has callbacks. CREAM finance got hacked in a similar way because the ampleforth token had a callback in the transfer method that wasn't noticed when they vetted it...
.latestRoundData() does not update the oracle - ExchangeRate.sol
Handle tensors Vulnerability details Impact The method .latestRoundData on an oracle returns the latest updated price from the oracle, but this is not the current price of an asset. To get an accurate current price you need to query it by calling the oracle and waiting for a callback to fulfill t...
CVE-2021-27910
CVE-2021-27910 describes a stored XSS in Mautic via the bounce management callback. The vulnerability arises from insufficient sanitization of the POST parameters error and error_related_to in the callback endpoint (POST /mailer//callback). An attacker with access to the callback can inject arbit...
GHSA-QPJR-CH72-2QQ4 Use after free in portaudio-rs
Affected versions of this crate are not panic safe within callback functions stream_callback and stream_finished_callback. The call to user-provided closure might panic before a mem::forget call, which then causes a use after free that grants attacker to control the callback function pointer. This...
Use after free in portaudio-rs
Affected versions of this crate are not panic safe within callback functions stream_callback and stream_finished_callback. The call to user-provided closure might panic before a mem::forget call, which then causes a use after free that grants attacker to control the callback function pointer. This...
PT-2021-3801 · Realtek · Realtek Jungle Sdk
Name of the Vulnerable Software and Affected Versions: Realtek Jungle SDK versions v2.x through v3.4.14B Description: The WiFi Simple Config server in the Realtek Jungle SDK is vulnerable due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header, leading to a stack buffer overflow...
CVE-2021-3452
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code...
Lenovo Bios authorization issue vulnerability
Lenovo Bios is a boot method for computers from the Chinese company Lenovo. It is used to boot the system during computer startup. Lenovo BIOS has an authorization issue vulnerability that stems from a lack of privilege control in the system shutdown SMI callback function, which allows an...
VDZ CallBack < 1.14.6 - Authenticated Stored XSS
The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Title setting of the plugin...
VDZ CallBack < 1.14.6 - Authenticated Stored XSS
The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. PoC Put the following payload in the Title setting of the plugin...
The vulnerability of the `cp_plugins_do_button_job_later_callback` function in the Tree Sitemap WordPress plugin allows a hacker to execute arbitrary code.
The vulnerability of the cp_plugins_do_button_job_later_callback function in the Tree Sitemap WordPress plugin is related to authentication process errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
Reflected XSS from the callback handler's error query parameter
Overview @auth0/nextjs-auth0 versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are...
GHSA-954C-JJX6-CXV7 Reflected XSS from the callback handler's error query parameter
Overview Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...