CVE-2023-7346 Ledger Bitcoin App 2.1.0 Address Derivation Error via Miniscript

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...

PT-2023-22770 · Npm · @Web3-React/Eip1193 +4

Name of the Vulnerable Software and Affected Versions: @web3-react versions prior to the updated npm artifacts Description: The chainId may be outdated if the user changes chains as part of the connection flow, causing the value of chainId returned by useWeb3React to be incorrect. This can lead t...

Single-step process for critical admin transfer is risky

Handle 0xRajeev Vulnerability details Impact LongShort and Staker contracts have the notion of an “admin” address that is used within onlyAdmin or adminOnly modifiers for granting authorization to critical functions. Such contracts use a single-step ownership transfer of such admin addresses usin...

CVE-1999-1515

The CVE-1999-1515 entry describes a vulnerability in the TenFour TFS Gateway 4.0 where a non-default configuration enables a denial-of-service. The issue arises from messages with incorrect sender and recipient addresses, causing the gateway to repeatedly attempt to return the message every 10 se...