Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-21326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI befor...

7.7CVSS6.7AI score0.0138EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.5 views

Decayed voting power can be restored by delegating to newer lock

Lines of code Vulnerability details Impact Delegation to newer lock updates slope and bias of delegatee according to new delegated amount and lengthier lock time which leads to decayed voting power from delegator older lock to be restored // @audit - slope and bias being updated according to...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.11 views

Delegated Votes Blocking Delegator Undelegation

Lines of code Vulnerability details Impact Once a delegator has delegated their votes to a delegatee, and the delegatee employs those votes in an ongoing proposal, the delegator loses the ability to undelegate their votes. VotingEscrow::delegate is used to delegate user A's votes to User B. Once...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.7 views

[MEDIUM] NFTBoostVault#addNftAndDelegate - Not setting a delegatee in the addNftAndDelegate will cause the addTokens function and updateNft to revert

Lines of code Vulnerability details Impact The absence of a delegatee in the addNftAndDelegate function in the NFTBoostVault contract will cause the addTokens and updateNft functions to revert. This is due to the assumption that a delegatee has been set, which is not always true. This issue may...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.8 views

voting power is insufficiently tracked

Lines of code Vulnerability details Impact Historical balance tracking of votingPower is not stored due to values being updated in memory rather than storage. This means old delegatees may retain voting power which should have been removed from them, new delegatees may not not receive their...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/06/21 12:0 a.m.10 views

User who stakes into StRSRVotes doesn't have any voting power

Lines of code Vulnerability details Impact User who stakes into StRSRVotes doesn't have any voting power. This is not intuitive clear and user who thinks that he can vote, actually will not be able until he will delegate votes to himself. Proof of Concept StRSRVotes contract extends StRSR which h...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.11 views

User can lose all governance power

Lines of code Vulnerability details Impact Contract is missing self delegation in case of delegateBySig function. This means if delegateBySig is called with zero address delegatee then User votes will be burned instead of setting delegatee to signatory Proof of Concept 1. User calls delegateBySig...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.9 views

Functions quitLock and delegate fundamentally change game theory of VoteEscrow

Lines of code Vulnerability details Impact Without delegation it is not possible to remove voting power before the end of a lock. Function quitLock now makes this possible, but it does not just affect the user who quits the lock. Any votes that are delegated to them are temporarily lost from the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

A delegatee can frontrun the delegator's call to increaseUnlockTime to prevent the delegator to withdraw or quitlock

Lines of code Vulnerability details Impact Charlie and Alice both create a lock, with Alice's lock being longer than Charlie's. Charlie then delegates to Alice. At this point, if Charlie wants to unlock his tokens he can call withdraw or quitLock, but not with a delegation in place see 1, 2, so h...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.8 views

A malicious delegatee can always block the delegator from undelegating the lock

Lines of code Vulnerability details Impact A user who has delegated his/hers voting power to a delegatee can break his/hers delegate only by submitting a lock with a higher expiration time than the delegatee after a successful call to increaseUnlockTime function. After that, he has to call the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

The _checkpoint function won't be called for a user which is both a delegator and a delegatee in the increaseUnlockTime function

Lines of code Vulnerability details Impact The virtual balance of a user is calculated using 2 values - the amount that is delegated to that user, and his lock period. When calling the increaseUnlockTime function, we want to checkpoint the user's data as long as he doesn't have any funds. This is...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.8 views

Delegator funds can be stuck or face losses for up to a year through a bad delegatee.

Lines of code Vulnerability details Impact The contest documentation states: Users may delegate ther lock to another user whereby they give the delegatee control over their lock expiration and balance i.e. voting power. ... Moreover, the delegatee's lock expiration needs to be longer than the...

6.8AI score
Exploits0
Prion
Prion
added 2021/03/08 5:15 p.m.19 views

Design/Logic Flaw

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is...

4CVSS6.3AI score0.0138EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/03/08 12:0 a.m.7 views

PT-2021-14423 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue allows creating tickets for another user with the self-service interface without having delegatee systems enabled. Recommendations: For versions prior to 9.5.4, update to version 9.5.4 to...

10CVSS6.3AI score0.99628EPSS
Exploits32References126
Rows per page
Query Builder