_payFallbackGas is not being paid in case selector is 0x07 or 0x08

Lines of code Vulnerability details Impact payFallbackGas gas is not being paid for selectors 0x07 and 0x08 which causes a loss for protocol's execution gas budget. In case Execution budget is not enough then anyFallback will fail. Proof of Concept In payFallbackGas gas should always be paid in...

CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

WooCommerce Google Sheet Connector <= 1.3.5 - Access Code Update via CSRF

The plugin does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wc-gsheetconnector-config=attacker-code...

An attacker can make users' funds get "locked" in the contract (the owner can get them out and transfer them back to the users)

Lines of code Vulnerability details Impact If a user manages to be the first user to deposit into the contract, he will be minted shares and he can steal all the other users' deposits. Proof of Concept 1. The attacker deposits 1 token into the contract and 1 share is minted to him totalSupply and...

Potential exposure of tokens to an Unauthorized Actor

Impact When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so...

CVE-2022-21669

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...

CVE-2022-21669 Bot token exposed in main.py

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...

CVE-2022-21669

The CVE-2022-21669 entry concerns PuddingBot, a group-management bot. Affected versions are 0.0.6-b933652 and earlier, where the bot token is publicly exposed in main.py due to the trust/credential handling issue. The token has been revoked and a new version is already deployed on the server. Pub...

CVE-2021-21954

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

CVE-2021-21954

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

Command injection

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

Wrong funding index in settle when no base?

Handle cmichel Vulnerability details The TracerPerpetualSwaps.settle function updates the user's last index to currentGlobalFundingIndex, however a comment states: "// Note: global rates reference the last fully established rate hence the -1, and not the current global rate. User rates reference...

addRegistrationTributeGovernance shoud call_addGovernanceTribute ?

Handle gpersoon Vulnerability details Impact The function addRegistrationTributeGovernance makes a call to addTribute, the same as addRegistrationTribute is doing However a function addGovernanceTribute also exists and this function is never called. It seem more logical that...

Ubuntu: Security Advisory (USN-4418-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-14054

Improper permissions in XBLSEC region enable user to update XBLSEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998,...

A Facebook Bug Exposed Anonymous Admins of Pages

A bad code update allowed anyone to easily reveal which accounts posted to Facebook Pages—including celebrities and politicians—for several hours...

Security update for live555 (moderate)

openSUSE Security Update: Security update for live555 Announcement ID: openSUSE-SU-2019:1880-1 Rating: moderate References: 1121995 1124159 1127341 Cross-References: CVE-2019-7314 CVE-2019-9215 Affected Products: openSUSE Backports SLE-15-SP1 An update that solves two vulnerabilities and has one...

BSA-2017-227

Security Advisory ID : BSA-2017-227 Component : ntp Revision : 1.0: Interim Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was...

SUSE-SU-2016:1966-1 Security update for several openstack-components

This update provides the latest code from OpenStack Liberty for openstack-designate, -ironic, -neutron-vpnaas, -nova-docker, -sahara, -tempest and -trove. Additionally the following security issue has been fixed: openstack-ironic: - Mask password on agent lookup according to policy bsc984802,...

java-1.7.0-openjdk security update

1.7.0.45-2.4.3.1.0.1.el510 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1.7.0.45-2.4.3.1.el5 - Updated to icedtea 2.4.3 - Resolves: rhbz1017623 1.7.0.45-2.4.3.0.el5 - fixed and updated tapset - removed bootstrap - source 11 redeclared to 1111 - added source12:...