Lucene search

321 matches found

Code423n4
added 2022/11/05 12:0 a.m. · 5 views

Upgraded Q -> M from 250 [1667617695647]

Judge has assessed an item in Issue 250 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

Code423n4
added 2022/10/21 12:0 a.m. · 8 views

Upgraded Q -> M from 696 [1666361742731]

Judge has assessed an item in Issue 696 as Medium risk. The relevant finding follows: L05 - Usage of transfer over call to send Ether could cause unexpected Reverts payable(payAddress).transfer(payAmt); // royalty transfer to royaltyaddress The function payEther sends ether via transfer which passes a...

AI score: 6.7 · Exploits: 0

Code423n4
added 2022/10/21 12:0 a.m. · 9 views

Upgraded G -> M from 553 [1666369528441]

Judge has assessed an item in Issue 553 as Medium risk. The relevant finding follows: 01 - payEther use transfer instead of call Replace line 154 for payable(payAddress).call{value: payAmt}("") Reason

AI score: 6.9 · Exploits: 0

Code423n4
added 2022/10/21 12:0 a.m. · 6 views

Upgraded Q -> M from 400 [1666366548697]

Judge has assessed an item in Issue 400 as Medium risk. The relevant finding follows: Use address.call instead of payable.transfer Avoid use of transfer to send ether since transfer sends a fixed amount of gas and future gas cost change may cause revert. The receiving contract will also revert if...

AI score: 6.8 · Exploits: 0

Code423n4
added 2022/09/27 12:0 a.m. · 5 views

Upgraded Q -> M from 424 [1664289758524]

Judge has assessed an item in Issue 424 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

Code423n4
added 2022/09/27 12:0 a.m. · 14 views

Upgraded Q -> M from 238 [1664280434191]

Judge has assessed an item in Issue 238 as Medium risk. The relevant finding follows: 5. Wrong comparison result when the length is longer than 32 File: contracts\dnssec-oracle\BytesUtils.sol 44: function compare(bytes memory self, uint offset, uint len, bytes memory other, uint otheroffset, uint...

AI score: 6.8 · Exploits: 0

Code423n4
added 2022/09/27 12:0 a.m. · 9 views

Upgraded Q -> M from 399 [1664289734798]

Judge has assessed an item in Issue 399 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

Code423n4
added 2022/09/27 12:0 a.m. · 6 views

Upgraded Q -> M from 704 [1664289585744]

Judge has assessed an item in Issue 704 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

Code423n4
added 2022/09/27 12:0 a.m. · 5 views

Upgraded Q -> M from 357 [1664289665374]

Judge has assessed an item in Issue 357 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

Code423n4
added 2022/09/22 12:0 a.m. · 12 views

Upgraded Q -> M from 496 [1663882181323]

Judge has assessed an item in Issue 496 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

ATTACKERKB
added 2022/09/06 8:15 p.m. · 2 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

CVSS: 5.3 · AI score: 5.4 · EPSS: 0.00315 · Exploits: 0 · References: 3

Positive Technologies
added 2022/09/06 12:0 a.m. · 2 views

PT-2022-21201 · Squiz · Squiz Matrix Cms

Name of the Vulnerable Software and Affected Versions: Squiz Matrix CMS version 6.20 Description: The issue is caused by a failure to correctly validate authorization when submitting a request to change a user's contact details, leading to an Insecure Direct Object Reference. This allows...

CVSS: 5.3 · AI score: 7.1 · EPSS: 0.00315 · Exploits: 0 · References: 7

Code423n4
added 2022/08/31 12:0 a.m. · 7 views

Upgraded Q -> M from 57 [1661963466075]

Judge has assessed an item in Issue 57 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

Code423n4
added 2022/08/31 12:0 a.m. · 7 views

Upgraded Q -> M from 225 [1661964062759]

Judge has assessed an item in Issue 225 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

Code423n4
added 2022/08/31 12:0 a.m. · 4 views

Upgraded Q -> M from 76 [1661962956364]

Judge has assessed an item in Issue 76 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

Code423n4
added 2022/08/31 12:0 a.m. · 6 views

Upgraded Q -> M from 44 [1661943686466]

Judge has assessed an item in Issue 44 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0

OSV
added 2022/08/18 7:2 p.m. · 32 views

GHSA-CVX8-PPMC-78HM Duplicate Advisory: KubeVirt arbitrary host file read from the VM

Duplicate Advisory This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references. Original Description Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path travers...

CVSS: 6.5 · AI score: 7.7 · EPSS: 0.0013 · Exploits: 1 · References: 4

Snyk
added 2022/08/01 8:7 a.m. · 1 view

Malicious Package

Overview xo-twofa is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS: 9.8 · AI score: 7.1 · Exploits: 0 · References: 3

Code423n4
added 2022/07/26 12:0 a.m. · 10 views

High risk with links to code

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

AI score: 7.1 · Exploits: 0

Code423n4
added 2022/07/15 12:0 a.m. · 4 views

Upgraded Q -> M from 219 [1657897148559]

Judge has assessed an item in Issue 219 as Medium risk. The relevant finding follows:

AI score: 7 · Exploits: 0