979 matches found
CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note th...
Missing validation for the _l1TimelockMinDelay parameter in the constructor to ensure it's within a reasonable or expected range.
Lines of code Vulnerability details Impact The constructor accepts a parameter _l1TimelockMinDelay and assigns it to l1TimelockMinDelay without performing any validation checks. This means potentially erroneous or extreme values can be set, which could cause undesired behaviors in the system or op...
RemoteOwner circular dependency at deployment time
Lines of code Vulnerability details Impact The RemoteOwner.sol contract has a security measure that ensures the sender from the remote/origin chain was the origin chain owner i.e. a RngAuctionRelayerRemoteOwner.sol deployment, and this address is set at deployment time in the constructor. The...
Add access control to init constructor-like function
Lines of code Vulnerability details Impact Not adding access control to init function would allow for frontrunning and injection of malicious code Proof of Concept event MinDebtRateUpdated(uint256 oldVal, uint256 newVal); /// @notice event emitted when the maximum debt rate is updated event...
PowerJob Command Execution Vulnerability
PowerJob is an open source distributed computing and job scheduling framework that allows developers to easily schedule tasks in their applications. A command execution vulnerability exists in PowerJob version 4.3.3, which stems from the parameter instanceId of /instance/detail failing to properl...
SUSE CVE-2023-39018
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which...
The FollowNFT.initialize() function will never be executed
Lines of code Vulnerability details Impact This function initializes the follow NFT. To check if a function has already been initialized use: if (initialized) revert Errors.Initialized; This condition will always end with revert Errors.Initialized, because in the constructor, when expanding the...
Function initialize Not Work
Lines of code Vulnerability details Impact As mentioned in the comment of the function initialize, "This is called right after deployment by the LensHub, so we can skip the onlyHub check". However, when the contract FollowNFT is deployed, the state variable initialized is set to true in the...
GHSA-2JX3-FX5F-R2C6 FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>
Withdrawn This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information. Original Description FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability ...
CVE-2023-39018
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which...
Code injection
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which...
NFTBoostVault is not a proper implementation/logic contract in upgradeability system
Lines of code Vulnerability details Impact As per the natspec comments in the NFTBoostVault contract, the NFTBoostVault contract "is Simple Proxy upgradeable which is the upgradeability system used for voting vaults in Council". This implies that this contract will be used as the...
CVE-2023-39018
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which...
Incorrect distribution of shares and liquidity as a result of total number of shares not equaling 100
Lines of code Vulnerability details Impact If the shares are not properly validated and do not add up to 100, there will be an imbalance in the distribution of funds resulting in loss of funds or locked funds that cannot be accessed or distributed correctly. Proof of Concept The constructor of th...
TOTOLINK A3300R Operating System Command Injection Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A code execution vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the lang parameter of the setLanguageCfg method failing...
GHSA-WJ7Q-GJG8-3CPM league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
Impact Servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. Patches This issue has been patched so that the provided key is...
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
Impact Servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. Patches This issue has been patched so that the provided key is...
Design/Logic Flaw
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...
CVE-2023-37260 league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...
Security Bulletin: IBM Match 360 is vulnerable to SnakeYaml's Constructor() class that not restrict types which can be instantiated during deserialization (CVE-2022-1471)
Summary SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict...