9165 matches found
The Risks and Preventions of AI in Business: Safeguarding Against Potential Pitfalls
Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI...
No fee swap is possible through addLiquidity and removeLiquidityImbalanced
Lines of code Vulnerability details Impact: Some will not pay swap fees even after the swap fee is added. Proof of concept: This is equivalent to swap 1000 tokenA to 500 tokenB, but no fee calculation code lies in adding and removing liquidity. Add this test in Well.AddLiquidity.t.sol. function...
Absence of Function calcReserve(...) at src/interfaces/IBeanstalkWellFunction.sol
Lines of code Vulnerability details Impact: Absence of Function calcReserve(...) at src/interfaces/IBeanstalkWellFunction.sol will affect the implementation of the function, the implementation is done in src/functions/ConstantProduct2.sol but the implementation cannot be accessed at...
You can expand your version of well in Aquifer.boreWell() with unpredictable results
Lines of code Vulnerability details Impact boreWell takes an implementation parameter. This parameter is not checked in any way. Thus, the user can pass any of his parameters and expand his well option. This can lead to unpredictable consequences. Proof of Concept 1. The user creates his own...
CVE-2023-37260
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...
Weak Cryptography
github.com/bishopfox/sliver is vulnerable to weak cryptography. The vulnerability exists because it does not properly implement Nacl Box libsodium, which allows an attacker to execute arbitrary code on implanted devices and intercept user responses...
[H] Users can lose funds if they call depositEtherToMint
Lines of code Vulnerability details Impact Due to only an interface implementation of function submit in Lido contract, users will lose funds due to non-existent implementation. Proof of Concept The comments in the code suggest that when users deposit ETH, it should be directly deposited into the...
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were firs...
CVE-2023-21200
In onremoveisodatapath of btmisoimpl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
PT-2023-17969 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: In the xmlParseTryOrFinish function of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution...
impl `FromMdbValue` for bool is unsound
The implementation of FromMdbValue has several unsoundness issues. First of all, it allows reinterpreting arbitrary bytes as a bool, which could cause undefined behavior from a safe function. Secondly, it allows transmuting a pointer without taking memory layout into consideration. The details of...
How medical device manufacturers can address new FDA cybersecurity guidelines
Advancements in technology in the healthcare industry have made medical devices increasingly vulnerable to cyber attacks. To embed better security practices into the manufacturing and implementation of medical devices, the FDA released a new mandate requiring a comprehensive cybersecurity plan fo...
USN-6186-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...
M-03 Unmitigated
Lines of code Vulnerability details Mitigation of M-03: Issue not mitigated, see comments Link to Issue: code-423n4/2023-05-ambire-findings16 Comments The issue is not mitigated. There is an error in the implementation of the mitigation of M-03. See report adriro-MR-M-03-ERROR for details. Assess...
USN-6175-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...
USN-6173-1: Linux kernel (OEM) vulnerabilities
Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) It was discovered that the...
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Context: Content Security Policies (CSP) are a defense-in-depth strategy against XSS attacks. Improper application of CSP isn't itself a vulnerability, but it does fail to prevent XSS in the event that there is a viable attack vector for an XSS attack. Impact: There aren't any XSS attack vectors via...
USN-6162-1: Linux kernel (Intel IoTG) vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...
CVE-2023-24535
A flaw was found in the golang implementation of the protobuf protocol. This issue occurs when parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input, which will cause a panic...
Complete SSO at CWA launch
Once CWA.exe starts, the user is not fully signed in (the user uses SAML to sign in to their local machine). The user will need to interact with CWA (launch a resource or refresh CWA) to complete the authentication, which results in enumeration for new changes for the CWA. How to achieve SSO at CWA.exe at launch s...