2277 matches found
CVE-2022-1834
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...
FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children's Privacy Law
Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275...
reentrancy
Lines of code Vulnerability details Impact If an attacker were able to successfully exploit a reentrancy vulnerability in this contract, they could potentially cause the contract to enter an infinite loop, consuming all available gas and rendering it unusable. This could result in financial losse...
Reimagining Democracy
Last week, I hosted a two-day workshop on reimagining democracy. The idea was to bring together people from a variety of disciplines who are all thinking about different aspects of democracy, less from a "what we need to do today" perspective and more from a blue-sky future perspective. My remit ...
Regular Expression Denial Of Service (ReDoS)
rails-html-sanitizer is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the attrnode.value attribute in the scrubattributes function of scrubbers.rb, allowing an attacker to crash the application by providing malicious SVG...
Regular Expression Denial Of Service (ReDoS)
loofah is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the attrnode.value attribute in the scrubattributes function of scrub.rb, allowing an attacker to crash the application by providing malicious SVG attributes...
Implementation can be self destruct by deployer, effectively break all running sale and lock all assets.
Lines of code Vulnerability details Impact Sale in Escher is deployed using minimal proxy pattern, where there is only 1 implementation contract is deployed to save deployment gas. Also, in Open Edition and FixedPrice sale, when sale is not started yet, owner can cancel it, self destruct the prox...
Funds are locked if can’t transfer reward to recipient in withdraw
Lines of code Vulnerability details Impact When recipient not able to received reward when call withdraw, as natspec: If contract is using proxy pattern, it's possible to register retroactively, however past fees will be lost. We not handle that case to get locked funds back. We should add...
Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txt Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Win32.Ransom.Conti Vulnerability: Crypto Logic Fla...
CLSA-2022-1669309294 Fix CVE(s): CVE-2022-1674, CVE-2022-1725, CVE-2022-3352
SECURITY UPDATE: Use After Free in vim - debian/patches/CVE-2022-3352.patch: Disallow deleting the current buffer to avoid using freed memory - CVE-2022-3352 SECURITY UPDATE: Crash when matching buffer with invalid pattern - debian/patches/CVE-2022-1674.patch: Check for NULL regprog - CVE-2022-16...
Attacker can spoof remainingETH and double-spend their input ETH to Exchange
Lines of code Vulnerability details Description remainingETH is an important state variable in Exchange.sol, which keeps track of how many ETH have yet to be used as payment from the current msg.value. The setupExecution modifier sets the value before and after execution: modifier setupExecution...
PT-2022-35275 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.15.75 Description: The issue is related to the drm/dp component, specifically with rewriting link config when setting phy test pattern. The actual impact and attack plausibility have not yet been proven...
Broken Upgradable Logic in Pool.sol
Lines of code Vulnerability details Impact The Pool smart contract allows a user to predeposit ETH so that it can be used when a seller takes their bid. It uses an ERC1967 proxy pattern and only the exchange contract is permitted to make transfers. The smart contract inherits the...
PT-2022-34996 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.3 Description: The issue is related to the drm/dp component, where link config is rewritten when setting the phy test pattern. The actual impact and attack plausibility have not yet been proven...
PT-2022-35484 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.10.150 Description: The issue is related to the drm/dp component, specifically with rewriting link config when setting phy test pattern. The actual impact and attack plausibility have not yet been proven...
Initialization function can be front-run
Lines of code Vulnerability details Detailed description of the impact of this finding: Exchange.sol has initialization function that can be front-run, allowing an attacker to incorrectly initialize the contract. Due to the use of the delegatecall proxy pattern, Exchange.sol cannot be initialized...
Potential DoS when closing a credit nominated in ETH in the LineOfCredit contract
Lines of code Vulnerability details When closing a credit that was issued in ETH, the LineOfCredit contract will send the lender his deposit and any accrued interests using the address.transfer(amount) function, which may fail and revert the whole function, leading to an eventual DoS. Impact The...
GHSA-Q9WV-22M9-VHQH Tauri Filesystem Scope can be Partially Bypassed
Impact Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it was possible to partially bypass the fs scope definition. It was not possible to traverse into arbitrary paths, as the issue was limited to neighboring files and sub...
Reentrancy vulnerabilities
Lines of code Vulnerability details Impact A reentrancy attack can occur when the contract fails to update its state before the interaction, the attacker can make a recursive call back to the original function in an attempt to drain funds or token. Proof of Concept Contract Fed.sol. Function...