212 matches found
Pause off my cluster: DERO cryptojacking takes a new shape
Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation...
[SECURITY] Fedora 39 Update: rust-uu_sleep-0.0.23-3.fc39
sleep uutils pause for DURATION...
PT-2024-40355 · Packagist · Typo3/Cms
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns a brute force protection mechanism in the backend login system. This mechanism pauses for 5 seconds when incorrect credentials are provided. However, it is possible to...
Fedora: Security Advisory for rust-uu_sleep (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BIT-GITLAB-2020-13350
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are =13.5.0, =13.4.0, 13.4.5,13.3.9...
openSUSE: Security Advisory for catatonit, containerd, runc (SUSE-SU-2023:4727-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CM can exploit a pause in GuardCM to gain permanent unrestricted access
Lines of code Vulnerability details Impact The GuardCM contract is designed to restrict the Community Multisig CM actions within the protocol to only specific contracts and methods. Under specific circumstances, the protocol allows the guard to be paused, which temporarily pauses the guard and...
Interest still accruing when repayment is paused, creating debt that cannot be repaid
Lines of code Vulnerability details Impact Interest still accruing when repayment is paused Proof of Concept When the admin pauses the lending pool repayment, as timestamp elapses, interest still accruing /// @inheritdoc ILendingPool function accrueInterest public uint lastAccruedTime =...
Missing pause checks in LRTOracle
Lines of code Vulnerability details Summary The LRTOracle oracle provides functionality to pause the contract but no restrictions are applied when the contract is in a paused state. Impact Similar to the other contracts in the protocol, the LRTOracle contract offers pausing functionality: 101: //...
Missing pause check in transferAssetToNodeDelegator()
Lines of code Vulnerability details Summary The function transferAssetToNodeDelegator present in the LRTDepositPool contract ignores the contract's pause state. Impact The LRTDepositPool contract contains a functionality to pause the contract in case of an emergency. 208: function pause external...
Users can't repay their debts if the OmniPool contract is paused which can cause users to fall into liquidation and lose their collateral
Lines of code Vulnerability details Impact Users can't repay their debts if the OmniPool contract is paused which can cause users to fall into liquidation and lose their collateral Proof of Concept The OmniPool::repay function has implemented the whenNotPaused modifier, which will prevent the...
MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused
Lines of code Vulnerability details Impact MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused Proof of Concept this report tries to combine a few issues 1. when OmniPool is paused, interest is still accruing 2. when OmniPool is paused, user cannot repay 3...
To protect the contract in case of hacking or detection of incorrect operation, it is necessary to add pause and blacklist functions
Lines of code Vulnerability details Impact Cases of hacking and self-identification of errors in contract often occur. To protect the contract in such a case, the pause and blacklist functions in the contract are usually used. This would provide protection for the DelegateToken.sol contract in cas...
Well.skim() TRANSACTION CAN BE FRONT RUN BY Well.sync() TRANSACTION THUS MAKING THE Well.skim() CALL INEFFECTIVE
Lines of code Vulnerability details Impact The Well.skim external function is used to transfer the excess tokens held by the well to the recipient. This is done by calculating the difference between the contract balance and the reserves for each of the tokens as shown below: skimAmountsi =...
A Dutch trade could end up with an unintended lower closing price
Lines of code Vulnerability details Impact notTradingPausedOrFrozen that is turned on and off during an open Dutch trade could have the auction closed with a lower price depending on the timing, leading to lesser capability to boost the Rtoken and/or stRSR exchange rates as well as a weakened...
Loss of staking yield for stakers when another user stakes in pause/frozen state
Lines of code Vulnerability details Impact Loss of staking yield for stakers when another user stakes in pause/frozen state. Proof of Concept Issue 148 from previous audit is present again. As I can see it was mitigated. But maybe after that new code changes were made, so this issue is present...
pause/unpause functionalities not implemented in many pausable contracts
Lines of code Vulnerability details Impact The following contracts : SocializingPool, StaderOracle, OperatorRewardsCollector and Auction are supposed to be pausable as they all inherit from PausableUpgradeable but they don't implement the external pause/unpause functionalities which means it will...
Pausing Optimism Portal only pauses withdrawals, can result in locked or lost funds
Lines of code Vulnerability details The comment over OptimismPortal.pause indicates pause should affect both deposits and withdrawals. Currently, only finalizeWithdrawalTransaction and proveWithdrawlTransaction implement the whenNotPaused modifier. Both depositTransaction and donateETH do not...
Vulnerability in Pause Function
Lines of code Vulnerability details Impact An attacker can exploit this vulnerability by setting any value as the new paused status code, which can allow the attacker to circumvent the pausing restrictions and carry out unauthorized actions on the contract. This can lead to significant consequenc...
Authorization Bypass
libcpan-checksums-perl is vulnerable to Authorization Bypasses. Checksums generates CHECKSUMSs recursively for each directory under the author/directory structure, and the file path does not contain an author handle. An attacker with PAUSE access can trick PAUSE into generating a valid CHECKSUMS...