Code injection
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 92...
CVE-2021-29993
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 92...
Huawei HarmonyOS Bluetooth protocol data handling out-of-bounds vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS has an out-of-bounds data vulnerability in its handling of the Bluetooth protocol, which could be exploited by local attackers to cause nearby processes to crash...
SSL/TLS: Renegotiation MITM Vulnerability (CVE-2009-3555)
The remote SSL/TLS service is prone to a man-in-the-middle (MITM) vulnerability...
CVE-2021-41173
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside fro...
Ubuntu 18.04 LTS / 20.04 LTS : MySQL vulnerabilities (USN-5123-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5123-1 advisory. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been...
Changing NFT contract in the MochiEngine would break the protocol
Handle: jonah1005. Vulnerability details. Impact: MochiEngine allows the operator to change the NFT contract. MochiEngine.sol L91-L93. All the vaults would point to a different NFT address. As a result, users would not be able to access their positions. The entire protocol would be broken. IMHO, a function tha...
CVE-2021-42765
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions)...
Design/Logic Flaw
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions)...
CVE-2021-42766
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a protocol stall, or an...
CVE-2021-35625
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2021-35629
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
What Microsoft Bing’s IndexNow Means for CDN Users
Microsoft Bing today announced the rollout of IndexNow, a new protocol designed in conjunction with Yandex that can allow “websites to easily notify search engines whenever their website content is created, updated, or deleted.” The goal is to reduce the amount of time it takes for search engines...
The formula of number of prizes for a degree is wrong
Handle WatchPug Vulnerability details The formula of the number of prizes for a degree per the document: is: Number of prizes for a degree = 2^bit range^degree - 2^bit range^degree-1 - 2^bit range^degree-2 - ... Should be changed to: Number of prizes for a degree = 2^bit range^degree - 2^bit...
Validations
Handle pauliax Vulnerability details Impact function setBondPercentDiv should validate that newBondPercentDiv is not 0, or bondForRebalance will experience division by zero error otherwise. If you want to allow 0 values, then bondForRebalance should accommodate for such a possibility. function...
Fee on transfer tokens do not work within the protocol
Handle: tensors. Vulnerability details: Fee on transfer tokens transfer less tokens in than what would be expected. This means that the protocol requests incorrect amounts when dealing with these tokens. The protocol should use stored token balances instead of transfer for calculating amounts. --- The...
Unnecessary nonReentrant at mint breaks protocol
Handle kenzo Vulnerability details Basket's mint function has nonReentrant modifier. Mint function is only calling mintTo which also has nonReentrant modifier. Impact Nobody can use mint function. Proof of Concept Tools Used Recommended Mitigation Steps Remove nonReentrant from mint. --- The text...
Spotweb Cross-Site Scripting Vulnerability (CNVD-2021-83612)
Spotweb is a PHP-based Spotnet client, developed by the Spotweb team, that follows the Spotnet protocol. Spotweb 1.5.1 and previous versions have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...