PT-2026-36329
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the crypto CCP component when retrieving the PEK CSR. If a firmware command fails, specifically due to an invalid length where the userspace buffer is too small, the...
CVE-2023-47634
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to se...
Race condition
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to se...
Race Condition
Overview: Affected versions of this package are vulnerable to a Race Condition in the endorsement of resources, such as a proposal, which allows a user to make more than one endorsement by sending the request to set an endorsement several times in parallel. Workaround: This vulnerability can be...
CVE-2023-47634 Decidim has race condition in Endorsements
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to se...
CVE-2023-47634
CVE-2023-47634 affects Decidim, a Ruby on Rails participatory democracy framework. The vulnerability is a race condition in the endorsement of resources (e.g., proposals) that can allow a user to submit more than one endorsement when multiple endorsement requests are sent in parallel. Affected ve...
PT-2024-13464 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions 0.10.0 through 0.26.8; Decidim versions 0.27.0 through 0.27.4. Decidim version 0.28.0 is not affected, but versions prior to 0.28.0 are affected, so the correct range is: Decidim versions 0.10.0 through 0.27.4 and version 0.28...
Race condition in Endorsements
Impact: A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Workarounds: Disable the Endorsement feature in the components...
Elon Musk Is Giving QAnon Believers Hope Just in Time for the 2024 Elections
Musk’s recent use of the term “QAnon” is his most explicit endorsement of the movement to date. Conspiracists have since spent days dissecting its meaning and cheering on his apparent support...
Cross Site Scripting (XSS)
Decidim is vulnerable to a Cross Site Scripting (XSS) vulnerability. The vulnerability is due to not sanitising user input correctly while processing proposals, allowing an attacker to make other users endorse or support proposals they have no intention of supporting or endorsing...
Decidim Cross-site Scripting vulnerability in the external link redirections
Impact: The external link feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the processes filter. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to...
GHSA-5652-92R9-3FX9 Decidim Cross-site Scripting vulnerability in the processes filter
Impact: The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...
modellmobildresden.de Cross Site Scripting vulnerability OBB-3456592
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2022-1053
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...
Kim Kardashian gets huge fine for crypto ad
The Securities and Exchange Commission (SEC) announced in a recent press release that it's charging celebrity influencer Kim Kardashian for violating Section 17(b) of the Securities Act of 1933, or the anti-touting provision. Kardashian was paid to promote EthereumMax, or EMAX, a crypto asset security...
User with 33% votes held can execute self-endorsed Proposal
Lines of code / Vulnerability details / Impact: Two issues here, with one being low/medium and another being high severity. Not sure if it should be put into 2 separate reports. For the OlympusGovernance contract in Governance.sol, a Proposal submitter can self-endorse a proposal they submitted themselves...
In Governance.sol, it might be impossible to activate a new proposal forever after failed to execute the previous active proposal.
Lines of code / Vulnerability details / Impact: Currently, if users vote for the active proposal, the VOTES are transferred to the contract so that users can't vote for or endorse other proposals while the voted proposal is active. And the active proposal can be replaced only when the proposal is executed...
USER CAN BLOCK GOVERNANCE VOTING BY SUBMITTING MULTIPLE PROPOSALS
Lines of code / Vulnerability details / Impact: A user can submit multiple proposals and then endorse each one of them to be able to activate them, and because the Governance contract allows only one active proposal, this user will be able to always activate his proposals and thus not allowing any othe...