2272 matches found
DAO functions can be called before initialization in init() of DAO.sol
Handle: 0xRajeev. Vulnerability details. Impact: All the external/public functions of DAO.sol can be called by other contracts even before DAO.sol contract is initialized. This can lead to exceptions, state corruption or incorrect accounting in other contracts, which may require redeployment of...
Initialization can be front-run in DAO.sol
Handle: 0xRajeev. Vulnerability details. Impact: Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...
Pool functions can be called before initialization in init() of Pools.sol
Handle: 0xRajeev. Vulnerability details. Impact: All the external/public functions of Pools.sol can be called by other contracts even before Pools.sol contract is initialized. This can lead to exceptions, state corruption or incorrect accounting in other contracts, which may require redeployment of...
Initialization can be front-run in USDV.sol
Handle: 0xRajeev. Vulnerability details. Impact: Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...
CVE-2021-23382
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...
postcss security vulnerability
postcss is an open source tool by Andrey Sitnik for converting styles using JS plug-ins. Versions of postcss before 8.2.13 have a security vulnerability; the vulnerability stems from susceptibility to regular expression denial-of-service attacks, vulnerable regular expression...
Columbo - A Computer Forensic Analysis Tool Used To Simplify And Identify Specific Patterns In Compromised Datasets
Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets. It breaks down data into small sections and uses pattern recognition and machine learning models to identify adversaries' behaviour and their possible locations in compromised Window...
Regular Expression Denial of Service (ReDoS) in Jinja2
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+ This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiti...
GHSA-G3RQ-G295-4J3M Regular Expression Denial of Service (ReDoS) in Jinja2
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+ This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiti...
Fedora: Security Advisory for rubygem-activerecord (FEDORA-2021-b571fca1b8)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
ALPINE-CVE-2021-20276
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile may lead to denial of service...
CVE-2021-20276
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile may lead to denial of service...
DEBIAN-CVE-2021-20276
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile may lead to denial of service...
UBUNTU-CVE-2021-20276
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile may lead to denial of service...
Privoxy buffer error vulnerability
Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...
Regular Expression Denial of Service (ReDoS)
Overview: color-string is a parser and generator for CSS color strings. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the hwb regular expression in the cs.get.hwb function in index.js. The affected regular expression exhibits quadratic worst-case...
Regular Expression Denial Of Service (ReDoS)
nwmatcher is vulnerable to regular expression denial of service. The use of multiple repeated instances of the "\s" in regular expression Patterns allows an attacker to crash the application via a malicious string...
CVE-2021-27377
An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free...
[SECURITY] Fedora 33 Update: mutt-2.0.5-1.fc33
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...