77 matches found
EUVD-2020-16059
Malware in sbrugna...
EUVD-2023-46895
Malicious code in bioql PyPI...
EUVD-2022-0912
Malicious code in bioql PyPI...
GHSA-Q6HV-WCJR-WP8H kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...
Linux Distros Unpatched Vulnerability : CVE-2020-23322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion in 'contextp-token.type == LEXERRIGHTBRACE || contextp-token.type == LEXERASSIGN || contextp-token.type == LEXERCOMMA' in...
GHSA-H5F8-CRRQ-4PW8 Contrast workload secrets leak to logs on INFO level
Impact When the Contrast initializer is configured with a CONTRASTLOGLEVEL of info or debug, the workload secret is logged to stderr and written to Kubernetes logs. Since info is the default setting, this affects all Contrast installations that don't customize their initializers' log level. The...
CVE-2022-39384
OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external cal...
DEBIAN-CVE-2024-39464
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2asyncnotifier has several listhead members, but only waitinglist and donelist are initialized. notifierentry was kept 'zeroed' leading to an uninitialized listhead. This...
CVE-2024-39464
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2asyncnotifier has several listhead members, but only waitinglist and donelist are initialized. notifierentry was kept 'zeroed' leading to an uninitialized listhead. This...
Malicious code in initializers (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in initializer (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5261 Malicious code in initializer (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Proxy's logic contract relies on code in the constructor
Lines of code 122, 50, 25, 67, 98, 67, 22 Vulnerability details Logic contracts cannot rely on code in their constructors, because proxy contracts do not re-execute the logic contract's constructor - only its initializer. Move all code in the constructor to the initializer function. File:...
Proxy's logic contract relies on code in the constructor
Lines of code 122, 50, 25, 67, 98, 67, 22 Vulnerability details Impact Logic contracts cannot rely on code in their constructors, because proxy contracts do not re-execute the logic contract's constructor - only its initializer. Move all code in the constructor to the initializer function. File:...
CVE-2023-42449
Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...
Design/Logic Flaw
Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...
CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits
Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...
CVE-2023-42449
Hydra (Cardano) prior to v0.13.0 has an input validation flaw in the head initialiser that lets a malicious head initialiser extract PTs for the head being initialised, bypassing checks in HeadTokens.hs and off‑chain code. This can enable the attacker to lock other participants’ committed funds (...
CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits
Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...
The prime Initializer function in prime.sol is marked “virtual”
Lines of code Vulnerability details Impact The prime initializer is responsible for setting the state variables in the prime.sol contract. The deal breaker here is; Use of virtual - If the function in the parent contract is expected to be overridden in its child contracts, it should be declared a...