Lucene search

105 matches found

Positive Technologies
added 2022/12/21 12:0 a.m. · 3 views

PT-2022-9017 · Unknown · Sah-Comp Bienlein

Name of the Vulnerable Software and Affected Versions: sah-comp bienlein (affected versions not specified). Description: A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The...

6.5 CVSS · 6.3 AI score · 0.00264 EPSS
Exploits 0 · References 6
CVE
added 2022/12/21 12:0 a.m. · 45 views

CVE-2020-36622

CVE-2020-36622 affects sah-comp bienlein. The vulnerability is a cross-site request forgery (CSRF) arising from unknown processing within Bienlein, with the attack potentially initiated remotely. The record consistently notes a patch identified by the hash d7836a4f2b241e4745ede194f0f6fb47199cab6b...

6.5 CVSS · 5.4 AI score · 0.00264 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/12/21 12:0 a.m. · 4 views

CVE-2020-36622 sah-comp bienlein cross-site request forgery

A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommende...

4.3 CVSS · 7.1 AI score · 0.00264 EPSS
Exploits 0 · References 2
Code423n4
added 2022/07/01 12:0 a.m. · 6 views

User can claim double comp in one function call

Lines of code Vulnerability details Impact Comptroller.seizeAllowed and Comptroller.transferAllowed are functions that call distributeSupplierComp twice without ensuring the address for the supplier param are not the same. So when seizeAllowed with borrower and liquidator as same user address or...

6.8 AI score
Exploits 0
OSV
added 2022/06/20 8:22 p.m. · 8 views

MAL-2022-4624 Malicious code in mitui-comp-tag-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b76c76ef883185b36203df9457e86bbd6a4054f008255cceb2c08a5f522ed83e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSV
added 2022/06/20 8:22 p.m. · 6 views

MAL-2022-4620 Malicious code in mitui-comp-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 887a76b13f2d6c07f7fa7439aed531f8576a90efa6e59062a384744b475f9463 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2022/06/20 8:22 p.m. · 2 views

Malicious code in mitui-comp-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 887a76b13f2d6c07f7fa7439aed531f8576a90efa6e59062a384744b475f9463 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2022/06/20 8:22 p.m. · 3 views

Malicious code in mitui-comp-follow-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec2258f4ac3890208ab0a86cfa7870e80a344822c1754abc483caa4d7aede97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2022/06/20 8:22 p.m. · 3 views

Malicious code in mitui-comp-group-collab (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8232244bfded64b4f0b3cc3cedc836a75ecb284117560e43b17f53124a11edad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2022/06/20 8:22 p.m. · 10 views

MAL-2022-4622 Malicious code in mitui-comp-follow-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec2258f4ac3890208ab0a86cfa7870e80a344822c1754abc483caa4d7aede97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSV
added 2022/06/20 8:22 p.m. · 6 views

MAL-2022-4623 Malicious code in mitui-comp-group-collab (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8232244bfded64b4f0b3cc3cedc836a75ecb284117560e43b17f53124a11edad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSV
added 2022/06/20 8:22 p.m. · 6 views

MAL-2022-4619 Malicious code in mitui-comp-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 006156deee84da1f8ec4b6c671c048f4204524d86e9aa7bdf1d5f8fc5dd8b7b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2022/06/20 8:22 p.m. · 4 views

Malicious code in mitui-comp-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 006156deee84da1f8ec4b6c671c048f4204524d86e9aa7bdf1d5f8fc5dd8b7b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2022/06/20 8:22 p.m. · 2 views

Malicious code in mitui-comp-conversation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0709ccb2172dbf70c47160b07948c58ff40720f84c0f468dd654692db5275ebf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2022/06/20 8:22 p.m. · 4 views

MAL-2022-4621 Malicious code in mitui-comp-conversation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0709ccb2172dbf70c47160b07948c58ff40720f84c0f468dd654692db5275ebf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
Code423n4
added 2022/05/07 12:0 a.m. · 11 views

COMP Distributions Can Be Manipulated And Duplicated Across Any Number Of Accounts

Lines of code Vulnerability details Impact The updateCompSupplyIndex and distributeSupplierComp functions are used by Compound to track distributions owed to users for supplying funds to the protocol. Bunker protocol is a fork of compound with NFT integration, however, part of the original...

6.8 AI score
Exploits 0
Code423n4
added 2022/02/02 12:0 a.m. · 6 views

Treasury cannot claim COMP tokens & COMP tokens are stuck

Handle cmichel Vulnerability details The TreasuryAction.claimCOMPAndTransfer function uses pre- and post-balances of the COMP token to check which ones to transfer: function claimCOMPAndTransferaddress calldata cTokens external override onlyManagerContract nonReentrant returns uint256 // Take a...

6.8 AI score
Exploits 0
Code423n4
added 2022/02/02 12:0 a.m. · 6 views

Users Can Deny The Treasury Manager Contract From Claiming COMP Incentives

Handle leastwood Vulnerability details Impact The treasury manager is appointed by the Notional DAO and is tasked with harvesting rewards both COMP incentives and assets from Notional and performing NOTE buybacks using WETH. The TreasuryManager.harvestCOMPFromNotional function is only callable by...

6.8 AI score
Exploits 0
RedHat Linux
added 2021/11/09 6:12 p.m. · 3 views

ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012...

5.3 CVSS · 7 AI score · 0.00546 EPSS
Exploits 1 · References 4
ThreatPost
added 2021/10/05 2:16 p.m. · 32 views

Compound DeFi Platform Gives Out $90M

Compound, an Ethereum-based decentralized finance (DeFi) platform, accidentally gave out $90 million to its users in a botched upgrade. Now, the owners would appreciate it if they gave it back. Compound might even be willing to throw in a 10 percent “reward,” it said. On the flip side, those who...

7.2 AI score
Exploits 0 · References 10