Lucene search

212 matches found

ATTACKERKB
added 2022/09/13 10:15 p.m. · 1 views

CVE-2022-34102

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...

8.8 CVSS · 7.2 AI score · 0.00225 EPSS
Exploits 0 · References 3

CNNVD
added 2022/09/05 12:0 a.m. · 5 views

WordPress plugin WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS · 5.3 AI score · 0.00107 EPSS
Exploits 2 · References 2

Code423n4
added 2022/08/06 12:0 a.m. · 8 views

Storage variable modifications when the contract is paused

Lines of code Vulnerability details Impact The function addMember can be called to modify the storage variable community even if the contract is paused. function addMember(bytes calldata data, bytes calldata signature) external virtual override // Compute hash from bytes bytes32 hash =...

6.9 AI score
Exploits 0

Prion
added 2022/07/06 6:15 p.m. · 13 views

Design/Logic Flaw

Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...

5 CVSS · 5.2 AI score · 0.00582 EPSS
Exploits 0 · References 4

Cvelist
added 2022/07/06 5:15 p.m. · 16 views

CVE-2022-31111 Discrepancy in transfer value and actual value due to incorrect truncation in Frontier

Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...

5.3 CVSS · 5.4 AI score · 0.00582 EPSS
Exploits 0 · References 4

Vulnrichment
added 2022/07/06 5:15 p.m. · 6 views

CVE-2022-31111 Discrepancy in transfer value and actual value due to incorrect truncation in Frontier

Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...

5.3 CVSS · 5.2 AI score · 0.00582 EPSS
Exploits 0 · References 4

Code423n4
added 2022/06/24 12:0 a.m. · 11 views

sell() and buy() should not have whenNotPaused modifier

Lines of code Vulnerability details Impact Impacts are two fold: 1. admin should not be allowed to stop users from selling/cashing out their assets under any circumstance. 2. Due to poor timing or malicious admin activity, it could be the case that buy is put on pause right after initiateBuyout i...

6.7 AI score
Exploits 0

Code423n4
added 2022/06/24 12:0 a.m. · 9 views

User Could Change The State Of The System While In Pause Mode

Lines of code Vulnerability details Proof-of-Concept Calling NibblVault.updateTWAP function will change the state of the system. It will cause the TWAP to be updated and buyout to be rejected in certain condition. When the system is in Pause mode, the system state should be frozen. However, it wa...

6.8 AI score
Exploits 0

Code423n4
added 2022/06/22 12:0 a.m. · 10 views

whenNotPaused modifier missing

Lines of code Vulnerability details Impact whenNotPaused modifier is missing in both createBasket function NibblVaultFactory.solL80 and withdrawUnsettledBids function NibblVault.solL424 This means even when contract is in paused state this function will still be operational Note Other impacted...

6.8 AI score
Exploits 0

Code423n4
added 2022/06/18 12:0 a.m. · 8 views

Emergency withdrawals are broken

Lines of code Vulnerability details Impact Usually, in emergency situations, contracts will be paused by the owner to prevent further damage. To withdraw all funds, the MyStrategy.prepareWithdrawAll function has to be manually called right before BaseStrategy.withdrawToVault can be called see...

6.8 AI score
Exploits 0

Code423n4
added 2022/06/16 12:0 a.m. · 11 views

All withdrawal functionality is paused when contract is paused

Lines of code Vulnerability details Impact When the strategy contract is paused, all withdrawal functionality will be paused. Based on the comments in MyStrategy.sol and baseStrategy.sol, withdrawToVault should not be affected by the pause functionality. This is not the case due to the...

6.8 AI score
Exploits 0

ATTACKERKB
added 2022/06/02 12:15 a.m. · 1 views

CVE-2022-29235

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp...

5.3 CVSS · 5.7 AI score · 0.00544 EPSS
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2022/06/01 12:0 a.m. · 3 views

PT-2022-19485 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions 2.2 through 2.3.17 BigBlueButton versions 2.4-rc-1 through 2.4-rc-5 Description: BigBlueButton is an open source web conferencing system. An attacker who is able to obtain the meeting identifier for a meeting on a serve...

5.3 CVSS · 5 AI score · 0.00544 EPSS
Exploits 0 · References 11

Code423n4
added 2022/05/09 12:0 a.m. · 7 views

The Gravity.sol should have pause/unpause functionality

Lines of code Vulnerability details Impact In case a hack is occurring or an exploit is discovered, the team or validators in this case should be able to pause functionality until the necessary changes are made to the system. Additionally, the gravity.sol contract should be managed by proxy so that...

6.8 AI score
Exploits 0

CNNVD
added 2022/01/10 12:0 a.m. · 1 views

Google protobuf security vulnerability

Google protobuf is a data exchange format from Google, Inc. A security vulnerability exists in Google protobuf java that allows a small malicious load to occupy the parser for several minutes by creating a large number of short-lived objects that cause frequent, repetitive pauses...

7.5 CVSS · 6.8 AI score · 0.00471 EPSS
Exploits 1 · References 28

Code423n4
added 2021/11/17 12:0 a.m. · 10 views

Missing Emergency Pause Check

Handle defsec Vulnerability details Impact During the manual code review, it has been observed that minting progress is not checked when the contract is emergency paused. This can cause misfunctionality and unlocking user funds during the emergency pausing. Proof of Concept 1- Navigate to ""...

7 AI score
Exploits 0

Oracle linux
added 2021/11/16 12:0 a.m. · 86 views

NetworkManager security, bug fix, and enhancement update

1.32.10-4.0.1 - add connectivity check via Oracle servers Orabug: 32051972 - Disable the build of NetworkManager-config-connectivity- subpackage for 8.3 1:1.32.10-4 - revert unapproved patches part of 'cloud-setup' change rh 1977984 1:1.32.10-3 - preserve the IPv6 multicast route added by kernel ...

6.1 CVSS · 6.6 AI score · 0.00085 EPSS
Exploits 1

Tenable Nessus
added 2021/10/07 12:0 a.m. · 38 views

Photon OS 4.0: Kubernetes PHSA-2021-4.0-0112

An update of the kubernetes package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0112. The text itself is copyright C VMware, Inc...

8.8 CVSS · 7.7 AI score · 0.33042 EPSS
Exploits 1 · References 2

Malwarebytes
added 2021/09/29 9:58 a.m. · 19 views

Instagram Kids put on hold

Instagram has announced it is pausing the development of its newest brainchild, Instagram Kids—a version of Instagram aimed at 10-12-year-olds, or "tweens". Adam Mosseri, who heads up Instagram, wrote in a blog post about the idea behind Instagram Kids: "We started this project to address an...

7.1 AI score
Exploits 0

Code423n4
added 2021/09/29 12:0 a.m. · 8 views

Revert the transaction if convergence does not happen in HybridPool

Handle broccoli Vulnerability details Title: Revert the transaction if convergence does not happen in HybridPool Impact The getY and computeLiquidityFromAdjustedBalances functions use iterative approximations to calculate the output token amount or the liquidity invariant D. However, if the...

6.8 AI score
Exploits 0