45 matches found
Call to safeApprove without checking previous allowance in burnFees could result in locked funds
Lines of code Vulnerability details Impact Using this deprecated function can lead to unintended reverts and potentially the locking of funds. A deeper discussion on the deprecation of this function is in OZ issue #2219 (OpenZeppelin/openzeppelin-contracts#2219). Proof Of Concept Refer to the burnFee...
call() should be used instead of transfer() on an address payable
Lines of code Vulnerability details This is a classic Code4rena issue: code-423n4/2021-04-meebits-findings#2 code-423n4/2021-10-tally-findings#20 code-423n4/2022-01-openleverage-findings#75 Impact The use of the deprecated transfer function for an address will inevitably make the transaction fail...
Use of deprecated Chainlink function latestAnswer
Lines of code Vulnerability details Impact Use of deprecated Chainlink function latestAnswer According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0, causing an incorrect price feed to USDC Price...
call() should be used instead of transfer() on an address payable
Lines of code Vulnerability details This is a classic Code4rena issue: instead of call, transfer is used to withdraw the ether 2021-04-meebits-findings#2 Swap.sol implements potentially dangerous transfer 2021-10-tally-findings#20 OpenLevV1Lib's and LPool's doTransferOut functions call native...
Using deprecated Chainlink function latestAnswer() in PriceOracleImplementation.sol
Lines of code Vulnerability details Impact In the function getUnderlyingPrice, Chainlink's latestAnswer is used and this function is deprecated and should not be used as this function returns 0 when there is no data rather than giving out error. Precedent of this issue can be found in...
Usage of deprecated Chainlink oracle function
Lines of code Vulnerability details Impact The Chainlink oracle latestAnswer function is deprecated. Instead, you're supposed to use latestRoundData. Using deprecated functions can result in the PriceOracleImplementation not returning the correct value anymore. It will affect the availability of...
Usage of deprecated Chainlink functions
Lines of code Vulnerability details Impact The Chainlink function latestAnswer is deprecated. Instead, use latestRoundData. As seen in the changelog, Chainlink encourages people to use the latestRoundData function. It's not clear when the support for deprecated functions ends. Here's the same iss...
Usage of deprecated Chainlink's latestAnswer function
Lines of code Vulnerability details Impact Contracts NFTVault.sol and FungibleAssetVaultForDAO use Chainlink's latestAnswer as an oracle for prices of multiple assets. This function will return the last value, but it is not possible to check if the provided data is fresh. In addition latestAnswer...
Use of deprecated Chainlink function latestAnswer
Lines of code Vulnerability details function getCurrentPrice(address asset) external view override(ProviderOracleManager, IProviderOracleManager) returns (uint256) { address assetOracle = getAssetOracle(asset); IEACAggregatorProxy aggregator = IEACAggregatorProxy(assetOracle); int256 answer =...
glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname
A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create in the sunrpc's clnt_gen.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in...
Use of deprecated Chainlink function latestAnswer
Handle WatchPug Vulnerability details According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not revert if no answer has been reached but returns 0, causing an incorrect price fed to the EIP1271Wallet. See: code-423n4/2021-07-wildcredit-findings#75 ---...
Use of deprecated Chainlink latestAnswer()
Handle sirhashalot Vulnerability details Impact Chainlink's documentation listed the latestAnswer function as deprecated. This function doesn't revert if no answer is available but returns 0, and the return value of latestAnswer is not checked in the Notional code. In fact, Chainlink removed thei...
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length which may result in a buffer overflow potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
...
CVE-2022-23219
A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create in the sunrpc's clnt_gen.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in...
CVE-2022-23219
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is no...
Insecure Temporary File in horovod/horovod
Description horovod package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...
Use of deprecated Chainlink function latestAnswer
Handle shw Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0, causing an incorrect price fed to the Buoy3Pool. Proof of Concept Referenced code: Buoy3Pool.sol#L207...
Fedora 29 : nfdump (2019-9013b5e75d)
2019-08-14 - Fix compile issues - Fix output buffer size for lzo1x_decompress_safe 2019-08-07 - Fix VerifyExtensionMap #179 2019-08-06 - Fix compile errors 2019-08-05 - Fix nfdump.1 man page. #175 - Fix off by 1 array. #173 - Fix use after free in ModifyCompressFile - Add bound checks in AddExporterSt...
php: openssl_random_pseudo_bytes() is not cryptographically secure
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified...
imansearch.com XSS vulnerability
Vulnerable URL: http://imansearch.com/ Deprecated: Function eregi_replace is deprecated in /home3/zaneer/public_html/imansearch/include/searchfuncs.php on line 45 Deprecated: Function eregi_replace is deprecated in /home3/zaneer/public_html/imansearch/include/searchfuncs.php on line 45 Deprecated:...