1433 matches found

CNNVD
added 2023/10/30 12:0 a.m. | 1 views

openCRX Code Issues Vulnerabilities

openCRX is open source CRM software. A code issue vulnerability exists in openCRX version v.5.2.2, which allows remote attackers to execute arbitrary code via a specially crafted request...

9.8 CVSS | 7.8 AI score | 0.00423 EPSS
Exploits: 0 | References: 3

Code423n4
added 2023/10/30 12:0 a.m. | 10 views

EthenaMinting.sol#_setMaxRedeemPerBlock() - Function doesn't enforce any constraints

Lines of code Vulnerability details Explanation The EthenaMinting.sol setMaxMintPerBlock function is responsible for setting the maximum limit for minting USDe tokens in a single block. function setMaxMintPerBlock(uint256 maxMintPerBlock) external onlyRole(DEFAULT_ADMIN_ROLE)...

7.1 AI score
Exploits: 0

Code423n4
added 2023/10/30 12:0 a.m. | 10 views

StakedUSDe.totalSupply() may decrease below MIN_SHARES by StakedUSDe.redistributeLockedAmount.

Lines of code Vulnerability details Impact StakedUSDe runs checkMinShares in deposit and withdraw to keep the totalSupply more than MIN_SHARES, 1e18. It is to prevent an ERC4626 inflation attack. However, StakedUSDe.redistributeLockedAmount(user, address(0)) burns all the user's shares and decreases t...

7.2 AI score
Exploits: 0

Code423n4
added 2023/10/26 12:0 a.m. | 10 views

TRANSFERING FUNDS TO YOURSELF INCREASES YOUR BALANCE

Lines of code Vulnerability details Impact If transferred to yourself, it will cause your balance to increase, thus growing the token balance infinitely. Proof of Concept File: src/market/WildcatMarketToken.sol 54: transfer(from, to, amount); 74: accounts[from] = fromAccount; 78: accounts[to] =...

7 AI score
Exploits: 0

Tenable Nessus
added 2023/10/23 12:0 a.m. | 43 views

Ubuntu 20.04 ESM / 22.04 ESM : ImageMagick vulnerabilities (USN-5736-2)

The remote Ubuntu 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5736-2 advisory. USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. On...

7.8 CVSS | 6.6 AI score | 0.0029 EPSS
Exploits: 2 | References: 18

NVD
added 2023/10/19 3:15 p.m. | 22 views

CVE-2023-35185

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges...

6.8 CVSS | 6.8 AI score | 0.00151 EPSS
Exploits: 0 | References: 2

NVD
added 2023/10/19 3:15 p.m. | 22 views

CVE-2023-35187

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution...

9.8 CVSS | 9.2 AI score | 0.02021 EPSS
Exploits: 0 | References: 2

CVE
added 2023/10/19 2:24 p.m. | 119 views

CVE-2023-35187

CVE-2023-35187 affects SolarWinds Access Rights Manager. The OpenClientUpdateFile method contains a path validation flaw that allows an unauthenticated attacker to perform directory traversal and achieve remote code execution on affected installations. The vulnerability enables code execution wit...

9.8 CVSS | 9.4 AI score | 0.02021 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/10/19 2:24 p.m. | 63 views

CVE-2023-35185

CVE-2023-35185 concerns SolarWinds Access Rights Manager OpenFile Directory Traversal leading to remote code execution. The connected ZDI advisory specifies that the vulnerability exists in the OpenFile method and stems from insufficient validation of a user-supplied path prior to file operations...

6.8 CVSS | 7 AI score | 0.00151 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/10/19 12:0 a.m. | 2 views

SolarWinds Access Rights Manager Code Issue Vulnerability

SolarWinds Access Rights Manager is a lightweight review management system from SolarWinds. A code issue vulnerability exists in SolarWinds Access Rights Manager. An attacker could exploit this vulnerability to remotely execute code...

8.8 CVSS | 7.1 AI score | 0.09608 EPSS
Exploits: 0 | References: 3

CNNVD
added 2023/10/16 12:0 a.m. | 1 views

Apache InLong Code Issue Vulnerability

Apache InLong is a one-stop massive data integration framework from the U.S.-based Apache Foundation. It provides automated, secure and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.4.0 to 1.8.0, which stems from the fact that some sensitive parameter...

9.8 CVSS | 7 AI score | 0.00056 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/10/16 12:0 a.m. | 1 views

Engelsystem Code Issue Vulnerability

Engelsystem is an open source shift scheduling system from Engelsystem. Engelsystem has a code issue vulnerability that stems from a Server-Side Request Forgery (SSRF) vulnerability in the Import schedule feature...

2.3 CVSS | 7.2 AI score | 0.00023 EPSS
Exploits: 1 | References: 4

CVE
added 2023/10/11 7:27 p.m. | 78 views

CVE-2023-40142

CVE-2023-40142 is documented in multiple sources as a local elevation-of-privilege affecting Google Pixel components, stemming from a logic error in the code that bypasses carrier restrictions on the device. The Android Pixel bulletins and Red Hat/NVD records describe the issue as enabling local ...

7.8 CVSS | 7.7 AI score | 0.00007 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Talos
added 2023/10/11 12:0 a.m. | 37 views

Yifan YF325 httpd debug credentials leftover debug code vulnerability

Talos Vulnerability Report TALOS-2023-1752 Yifan YF325 httpd debug credentials leftover debug code vulnerability October 11, 2023 CVE Number CVE-2023-32645 SUMMARY A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially...

9.8 CVSS | 9.8 AI score | 0.00063 EPSS
Exploits: 0

Code423n4
added 2023/10/06 12:0 a.m. | 12 views

ClaimConcentratedRewards and claimAmbientRewards don't update liquidity, enabling double rewards claims. Update liquidity after claims.

Lines of code Vulnerability details Impact The claimConcentratedRewards and claimAmbientRewards functions do not update the liquidity amount after withdrawing rewards. This could allow a user to withdraw rewards multiple times for the same liquidity. Proof of Concept The liquidity amount is not...

6.8 AI score
Exploits: 0

Code423n4
added 2023/10/06 12:0 a.m. | 10 views

Users may be unable to claim their rewards and add/remove liquidity due to exceeding gas limit

Lines of code Vulnerability details Impact If a user provides liquidity on ticks which are entered and exited a large number of times, the gas required to call the accrueConcentratedPositionTimeWeightedLiquidity can exceed the block gas limit. Proof of Concept The...

7.2 AI score
Exploits: 0

Debian CVE
added 2023/10/04 6:2 p.m. | 42 views

CVE-2023-3428

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service...

6.2 CVSS | 6.2 AI score | 0.00021 EPSS
Exploits: 0

Code423n4
added 2023/10/04 12:0 a.m. | 12 views

function 'accrueInterest(address vToken)' allows too many rewards to be allocated

Lines of code Vulnerability details Impact Malicious users can increase the number of rewards they receive within a block. Proof of Concept In the Prime contract, markets[vToken].rewardIndex is used to determine how many rewards are allocated to Prime token holders, and its value can only be change...

6.9 AI score
Exploits: 0

Code423n4
added 2023/10/04 12:0 a.m. | 4 views

Missing of the distribution state updating

Lines of code Vulnerability details Impact The getEffectiveDistributionSpeed can return incorrect information. It can return distributionSpeed but the accrueTokens function will increase tokenAmountAccrued[token] only for the difference between token.balanceOf(address(this)) and tokenAmountAccrued[token]...

7.1 AI score
Exploits: 0

CNNVD
added 2023/09/30 12:0 a.m. | 1 views

phpMyFAQ Code Issues Vulnerabilities

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A code issue vulnerability exists in versions of phpMyFAQ prior to 3.1.18, which stems from not restricting the types of files that can be uploaded...

9.8 CVSS | 7 AI score | 0.00405 EPSS
Exploits: 0 | References: 3