22 matches found
zkVM Underconstrained Vulnerability
Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction, including remu and divu, in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 is vulnerable to an attack by a malicious prover. The main idea for the attack is to confuse the RISC-V virtual machine into treating the value of th...
currentCohort FUNCTION SHOULD REVERT WHEN electionCount == 0 RATHER THAN RETURNING Cohort.FIRST
Lines of code Vulnerability details Impact The SecurityCouncilNomineeElectionGovernor.currentCohort function is used to retrieve the current Cohort of the contract. For a cohort to be elected the election should be created with the respective proposal Id. But within the function scope of...
CVE-2023-37480 Fides Webserver Vulnerable to Zip Bomb File Uploads
Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb...
CVEs: What They Are, and Ways to Mitigate Their Impact
...
Preventing and Detecting Attacks Involving 3CX Desktop App
In this blog entry, we provide technical details and analysis on the 3CX attacks as they happen. We also discuss available solutions which security teams can maximize for early detection and mitigate the impact of 3CX attacks...
GSD-2023-1002256 net: mlx5: eliminate anonymous module_init & module_exit
net: mlx5: eliminate anonymous module_init & module_exit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.272 by commit...
GSD-2022-1005022 Revert "md-raid: destroy the bitmap after destroying the thread"
Revert "md-raid: destroy the bitmap after destroying the thread" This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.6 by commit...
Upgraded Q -> M from 333 [1659114494203]
Judge has assessed an item in Issue 333 as Medium risk. The relevant finding follows: 2. Marketplace assumes tokens are already sent Description: The Marketplace looks like a convenience router contract for the lenders to easily interact with Illuminate on chain. However, in methods...
Basket becomes unusable if everybody burns their shares
Handle kenzo Vulnerability details While handling the fees, the contract calculates the new ibRatio by dividing by totalSupply. This can be 0 leading to a division by 0. Impact If everybody burns their shares, in the next mint, totalSupply will be 0, handleFees will revert, and so nobody will be...
Swivel: Taker is charged fees twice in exitVaultFillingVaultInitiate
Handle itsmeSTYJ Vulnerability details Impact Taker is charged fees twice in exitVaultFillingVaultInitiate . Maker is transferring less than premiumFilled to taker and then taker is expected to pay fees i.e. taker's net balance is premiumFilled - 2fee Recommended Mitigation Steps function...
Information Disclosure in WildFire Appliance (WF-500)
Palo Alto Networks has determined that the WildFire Appliance (WF-500) is affected by the vulnerability disclosure known as LazyFP and has completed an update to address these issues. The WildFire Appliance (WF-500) software update is now available to customers that use the WildFire Appliance (WF-500)...
Katie Moussouris on Free ISO 29147
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Katie Moussouris @k8em0. Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard tha...
SNMP Version 3 Authentication Vulnerabilities
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network informati...
CVE-2023-45817
...
CVE-2022-4538
...
CVE-2022-42741
...
CVE-2018-3678
...
CVE-2018-4609
...
CVE-2019-11142
...
CVE-2022-4685
...