4419 matches found
Borrower cannot change market capacity (max total supply) after creating a market
Lines of code Vulnerability details Impact As per docs, "Subsequent to launch, base APR and capacities can be adjusted by the borrower at will". After creating a market, a borrower cannot increase the maximum total supply which contradicts the documentation. Proof of Concept The...
dtale vulnerable to Remote Code Execution through the Custom Filter Input
Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.7.0 where the "Custom Filter" input is turned off by default. You can find out more information on how to turn it back ...
Centralisation risk
Lines of code Vulnerability details Impact The protocol has a onlyGovernor role with privileged rights to perform administrator tasks that can affect users. Proof of Concept The governorhave control over crucial function that can be updated and change according to the governor discretion. functio...
Information Disclosure
@tauri-apps/cli is vulnerable to Information Disclosure. This vulnerability is due to a commonly used misconfiguration which leads to the leakage of the private key and updater key password. If envPrefix: 'VITE', 'TAURI', was pasted from the documentation into vite.config.ts, the TAURIPRIVATEKEY...
GATOR - GCP Attack Toolkit For Offensive Research, A Tool Designed To Aid In Research And Exploiting Google Cloud Environments
GATOR - GCP Attack Toolkit for Offensive Research , a tool designed to aid in research and exploiting Google Cloud Environments. It offers a comprehensive range of modules tailored to support users in various attack stages, spanning from Reconnaissance to Impact. Modules Resource Category |...
GHSA-2RCP-JVR4-R259 Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Impact This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri...
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Impact This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri...
CVE-2023-46115
Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications...
CVE-2023-46115 Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli
Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications...
BIT-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
GHSA-V23W-PPPM-JH66 Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...
[SECURITY] Fedora 38 Update: composer-2.6.5-1.fc38
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
[SECURITY] Fedora 37 Update: composer-2.6.5-1.fc37
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit
The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...
CVE-2023-45142
creationtimestamp| type| source ---|---|--- 2023-10-12 13:11:24+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr 2023-10-12 20:23:27+00:00| seen| https://t.me/cibsecurity/72188 2025-01-28 13:36:28+00:00| seen|...
SUSE-SU-2023:4060-1 Security update for rage-encryption
This update for rage-encryption fixes the following issues: -CVE-2023-42811: chosen ciphertext attack possible against aes-gcm bsc1215657 update vendor.tar.zst to contain aes-gcm = 0.10.3 - Update to version 0.9.2+0: CI: Ensure apt repository is up-to-date before installing build deps CI: Build...
CVE-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
[email protected] reports: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is liste...
com.infomaximum:network (>=1.1.3p8 <=1.1.3p10), com.infomaximum:platform (>=0.1.6p17 <=0.1.13p1) +11 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=11.0.10 <=11.0.15)
org.eclipse.jetty.http3:http3-qpack MAVEN version =11.0.10, =1.1.3p8, =0.1.6p17, =0.2.0, =0.2.0, =0.2.0, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.15 Source cves: CVE-2023-36478 Source advisory: OSV:GHSA-WGH7-54F2-X98R...