_mint721() function can be broken because of strict equality check on token balance
Handle jayjonah8 Vulnerability details Impact In NFTXMarketplaceZap.sol the mint721 function has a require check that the balance must be equal to the amount of vault tokens in the contract. uint256 balance = (count * BASE) - (count * INFTXVault(vault).mintFee()); require(balance == ...
NFTXMarketplaceZap Performs A Dangerous Equality Check Which Can Brick Contract
Handle leastwood Vulnerability details Impact NFTXMarketplaceZap provides an interface for users to interact with NFTX vaults by buying, selling and swapping ERC1155/ERC721 tokens. The mint721 and mint1155 functions perform strict equality checks on the vault's token balance for the...
NFTXStakingZap Performs A Dangerous Equality Check Which Can Brick Contract
Handle leastwood Vulnerability details Impact NFTXStakingZap provides an interface for users to interact with NFTX vaults by adding ERC1155/ERC721 tokens as liquidity. The addLiquidity721WETH and addLiquidity1155WETH functions perform strict equality checks on the vault's balance for the...
CVE-2021-23436
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...
Cesanta MJS Buffer Error Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parse_equality in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...
International Women’s Day: Women in tech name their heroes
Happy Monday! And if you haven’t yet checked the significance of this day—March 8—before grabbing coffee, today is International Women’s Day IWD. Since March 19, 1911, the year the very first IWD was observed in several European countries, millions of people have been calling for women to be give...
Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in sodiumoxide crate for Rust versions prior to 0.2.5, which stems from generichash::Digest::eq comparing itself and thus has degenerate security properties. No details of the...
SUSE SLES12 Security Update : openldap2 (SUSE-SU-2020:3315-1)
This update for openldap2 fixes the following issues : CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE securit...
Akamai Foundation and Employee Resource Groups Unite
Written by Kara DiGiacomo, Executive Director, Akamai Foundation and Marco Irizarry, Global Manager, Diversity, Inclusion and Social Responsibility On Giving Tuesday, we celebrate joining others in a global movement to give, collaborate, and transform communities and the world. As we think about h...
Toward Inclusive Language in Software
Akamai opposes racism in all its forms and is committed to providing an inclusive, fair, and respectful environment for both our customers and our employees. As part of this commitment, we are joining other technology-industry leaders in removing biased, oppressive, and racially insensitive...
SUSE-SU-2020:3315-1 Security update for openldap2
This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387)...
SUSE-SU-2020:14541-1 Security update for openldap2
This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387)...
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
...
OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...
Message from Eva Chen – as a human being, not a CEO: We need to speak out and act against racism
I would like to express my outrage over the brutal killings of George Floyd, Breonna Taylor, and Ahmaud Arbery – not as the CEO of an international company, but as a human being and a citizen of the world. It makes me very sad, but also intensely frustrated and angry to realize how little is bein...
How Do We Bring Equality to Data Ownership and Usage?
Computational biologist Laura Boykin says scientists are “asleep at the wheel”; activist Malkia Devich-Cyril says citizens also need to pressure technology companies to change...
Slither v0.6.7 - Static Analyzer For Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...
Increasing Female Leadership in Technology
The lack of women in technology is a well-documented issue. In the United States, women account for only about 25% of computer and mathematical occupations, and only about 16% of engineering jobs. Worse still, women hold only 5% of leadership positions in the tech industry. Clearly the industry h...
Important: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...