Lucene search
K

58 matches found

Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•9 views

The pledge creators can't withdraw unused funds after the pledge is expired in the pause mode.

Lines of code Vulnerability details Impact Currently, the pledge creators can't do anything after the protocol is paused. So they can't withdraw their unused funds after the pledge is expired in the pause mode and the funds will be locked in the contract. Proof of Concept As we can see from...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•8 views

Excessive owner privilege - can freeze pledge creator's funds after pledging period completed.

Lines of code Vulnerability details Description The retrievePledgeRewards function is used by pledge creator, only after pledge endTimestamp has passed. It will collect for the creator all unused reward tokens. Since it can only operate after endTimestamp, the pledge has for all intents and...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•12 views

Wrong reward calculation when reward token's decimals are different than 18

Lines of code Vulnerability details Impact When a user creates a pledge, she can specify the maximum amount of the Total Rewards and the maximum amount of fee amount she is willing to spend. By using the rewardPerVote, the vars.votesDifference and the vars.duration the smart contract calculates...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•12 views

Pledge creator can extend pledge without paying in edge cases.

Lines of code Vulnerability details Impact Pledge creator can extend pledge without paying in edge cases. Proof of Concept When pledge creators wants to extend their pledges, they must transfer an additional reward amount and fee: uint256 totalRewardAmount = pledgeParams.rewardPerVote...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•6 views

Pledge creator can increase their pledges' reward per vote without paying in edge cases

Lines of code Vulnerability details Impact Pledge creator can increase their pledges' reward per vote without paying in edge cases. Proof of Concept When pledge creators wants to increase their pledges' reward per vote, they must transfer an additional reward amount and fee: uint256...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/29 12:0 a.m.•13 views

Interference exploit among multiple pledges.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no guarantee that each server has only one pledge, when such scenario appears, vars.votesDifference will be calculated incorrectly and all other calculations will be wrong. Proof of Concept...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/29 12:0 a.m.•8 views

Voting Power double count when the pledge.receiver delegates to their own pledge.

Lines of code Vulnerability details Impact When a pledge is created via the createPledge function, the pledge creator is allowed to select the receiver address which will receive the boost delegation. Additionally, targetVotes parametr is selected which is the maximum target of votes the receiver...

6.7AI score
Exploits0
OSV
OSV
•added 2022/03/25 6:15 p.m.•4 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

7.5CVSS7.4AI score0.01877EPSS
Exploits1References4
NVD
NVD
•added 2022/03/25 6:15 p.m.•13 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

7.5CVSS0.01877EPSS
Exploits1References4
Prion
Prion
•added 2022/03/25 6:15 p.m.•19 views

Buffer overflow

engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation...

5CVSS7.9AI score0.01869EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2022/03/25 6:15 p.m.•23 views

Design/Logic Flaw

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

5CVSS7.8AI score0.01877EPSS
Exploits1References4Affected Software1
CVE
CVE
•added 2022/03/25 5:13 p.m.•84 views

CVE-2022-27882

OpenBSD slaacd (CVE-2022-27882) in OpenBSD 6.9 and 7.0 before 2022-03-22 contains an integer signedness error that can trigger a heap-based buffer overflow when processing crafted IPv6 router advertisements. Impact is described as a denial-of-service; privilege separation and pledge can prevent e...

7.5CVSS7.7AI score0.01877EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
•added 2022/03/25 5:13 p.m.•25 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

8AI score0.01877EPSS
Exploits1References4
Prion
Prion
•added 2021/04/12 2:15 p.m.•16 views

Cross site scripting

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreonsaveattachmentpatreonlevel AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...

6.8CVSS8.4AI score0.01758EPSS
Exploits1References2Affected Software1
Carbon Black Blog
Carbon Black Blog
•added 2018/08/15 12:40 p.m.•29 views

Parity Pledge: Carbon Black’s Continued Commitment to Diversity & Inclusion

Carbon Black knows that unique ideas come from unique perspectives, which is why we’ve focused on creating a more diverse and inclusive workplace. Our team has built out initiatives to support our current workforce and continues to seek out new opportunities to attract and hire diverse members to...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
•added 2018/04/23 4:6 p.m.•44 views

A week in security (April 16 – April 22)

Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a...

6.9AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
•added 2017/09/22 12:34 p.m.•49 views

September 22, 2017 – Morning Cyber Coffee Headlines – “Abraham Lincoln” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! September 22, 2017 - Headlines Carbon Black in the News: 'Hacker' is the wrong...

6.7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
•added 2015/10/19 3:37 p.m.•10 views

South Korea Signs Up to Cyber Theft Pledge

On Friday the Obama administration secured its second win toward establishing a new norm in cyberspace. The Joint Fact Sheet published by the White House includes the following language: "no country should conduct or knowingly support cyber-enabled theft of intellectual property, trade secrets, o...

6.8AI score
Exploits0
Rows per page
Query Builder