stellar-strkey vulnerable to panic in SignedPayload::from_payload

Impact Panic vulnerability when a specially crafted payload is used. This is because of the following calculation: rust innerpayloadlen + 4 - innerpayloadlen % 4 % 4 If innerpayloadlen is 0xffffffff, 4 - innerpayloadlen % 4 % 4 = 1 so rust innerpayloadlen + 4 - innerpayloadlen % 4 % 4 = u32::MAX ...

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

Upgraded Q -> 2 from #55 [1693255720314]

Judge has assessed an item in Issue 55 as 2 risk. The relevant finding follows: If we take a look at the EIP712 standard it states the following The array values are encoded as the keccak256 hash of the concatenated encodeData of their contents i.e. the encoding of SomeType5 is identical to that ...

CVE-2023-36807

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single co...

Piwigo 11.0.x < 13.6.0 SQLi Vulnerability

Piwigo is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...

go-toolset:Rocky Linux8 security and bug fix update

An update is available for delve, module.go-toolset, golang, module.golang, go-toolset, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the component jsproxyisArray. Remediation Upgrade quickjs to version 2024-01-13 or higher. References - GitHub Issue Credit: @Ye0nny @EJueon of the seclab-yonsei...

CVE-2023-29935

llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.countop && "operation was already replaced...

Upgraded Q -> 3 from #883 [1682591277339]

Judge has assessed an item in Issue 883 as 3 risk. The relevant finding follows: As such, if deposit or withdraw reverts for any derivative, stake and unstake will fail. This could cause stake and unstake to permanently revert for an prolonged period of time, as it is possible for deposit and...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the handledotlabel function at /nasm/nasm-token.re. Remediation There is no fixed version for yasm. References - GitHub Issue Credit: randomssr...

Upgraded Q -> 2 from #219 [1681246395864]

Judge has assessed an item in Issue 219 as 2 risk. The relevant finding follows: Emojis split in different lines --- The text was updated successfully, but these errors were encountered: All reactions...

CVE-2023-29416

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3decodeblock out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais...

CVE-2023-29418

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read...

CVE-2022-36440

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peekforas4capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS...

Upgraded Q -> 2 from #60 [1679803335439]

Judge has assessed an item in Issue 60 as 2 risk. The relevant finding follows: LiquidityPool.sol: If the fee recipient is not set then all LP operations such as deposits and withdrawals will fail. Consider making fee transfers optional depending on whether a fee recipient and percentage is set -...

CVE-2023-1448

A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gfm2tsprocesssdt of the file mediatools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been...

GHSA-PFVH-P8QP-9WW9 Gogs OS Command Injection vulnerability

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server on case-insensitive file systems. All installations with repository upload enabled default on case-insensitive file systems...

Upgraded Q -> 3 from #460 [1677510923458]

Judge has assessed an item in Issue 460 as 3 risk. The relevant finding follows: Lines of code Vulnerability details Impact The safeTransferFrom function on the ClearingHouse is normally used when an OpenSea auction successfully ends and the required ERC20/WETH have been transferred to the...

Upgraded Q -> 3 from #71 [1676966386580]

Judge has assessed an item in Issue 71 as 3 risk. The relevant finding follows: L-04 onlyMinter modifier is not working as expected Description onlyMinter can be bypasssed by anyone due to an invalid check: modifier onlyMinter msg.sender == minterAddress; ; Thus, everyone can mint tokens: functio...

Arbitrary File Read

Overview Affected versions of this package are vulnerable to Arbitrary File Read via the ReadTextAsync method due to missing filtering. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Issue - GitHub Release Credit: Chaitin Security Research Lab...