ALPINE-CVE-2021-46101
In Git for Windows through 2.34.1, when using git pull to update the local repository, git.cmd can be run directly...
Git security vulnerability
Git is a free, open source distributed version control system. Git for Windows through 2.34.1 has a security vulnerability: when git pull is used to update a local repository, git.cmd can be run directly...
Ninjasworkout - Vulnerable NodeJS Web Application
Damn Vulnerable NodeJS Application. Quick Start: download the repo and run npm i. After installing all dependencies, just run the application with node app.js or nodemon app.js. ADDED BUGS: Prototype Pollution, NoSQL Injection, Cross-site Scripting, Broken Access Control, Broken Session Management, Weak Regex...
Users shouldn't be forced into a specific strategy (possible rug pull)
Handle harleythedog Vulnerability details Impact As already discussed in the previous Sherlock C4 contest here, it is best to mitigate rug pull possibilities. Even if the team is well intentioned, there is still the risk of being called out, and fewer users might interact with the project if the...
Researchers warn of new Rug Pull scam through fraudulent crypto tokens
By Deeba Ahmed. Another day, another rug pull scam, this one involving the exploitation of a smart contract vulnerability. Scammers are exploiting misconfigurations in… This is a post from HackRead.com...
Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams
Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Chec...
Incorrect Default Permissions in log4js
Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable on Unix. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode...
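As an added illustration of the check this advisory implies (this is not log4js code, and it is written in Go rather than Node), the following creates a log file explicitly at mode 0600 and audits a directory for log files that anyone on the host can read. The temp directory, file names and log contents are constructed for the example; the point is that the umask can only remove permission bits, so a library that creates files at 0666 typically ends up at 0644, while creating at 0600 can never be wider than owner-only.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// OpenLogRestricted creates (or appends to) a log file at mode 0600. The
// process umask can only clear permission bits, so the result is never wider
// than owner read/write. A library that creates with 0666 gets 0666 &^ umask,
// typically 0644, which is world-readable.
func OpenLogRestricted(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600)
}

// WorldReadable reports whether the "other" read bit is set.
func WorldReadable(mode fs.FileMode) bool {
	return mode.Perm()&0o004 != 0
}

// AuditLogDir lists regular files under dir that are readable by everyone.
func AuditLogDir(dir string) ([]string, error) {
	var exposed []string
	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if d.IsDir() {
			return nil
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if info.Mode().IsRegular() && WorldReadable(info.Mode()) {
			exposed = append(exposed, p)
		}
		return nil
	})
	return exposed, err
}

// PopulateSample writes two constructed log files into dir: one created the
// permissive way (forced to 0644 with Chmod so the outcome does not depend on
// the caller's umask) and one through OpenLogRestricted. It returns both paths.
func PopulateSample(dir string) (permissive, restricted string, err error) {
	permissive = filepath.Join(dir, "app-default.log")
	if err = os.WriteFile(permissive, []byte("user=alice session=abc123\n"), 0o644); err != nil {
		return
	}
	if err = os.Chmod(permissive, 0o644); err != nil {
		return
	}
	restricted = filepath.Join(dir, "app-restricted.log")
	var f *os.File
	if f, err = OpenLogRestricted(restricted); err != nil {
		return
	}
	_, err = f.WriteString("user=alice session=abc123\n")
	if cerr := f.Close(); err == nil {
		err = cerr
	}
	return
}

func main() {
	dir, err := os.MkdirTemp("", "logaudit")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if _, _, err := PopulateSample(dir); err != nil {
		panic(err)
	}
	exposed, err := AuditLogDir(dir)
	if err != nil {
		panic(err)
	}
	for _, p := range exposed {
		fmt.Println("world-readable log:", p)
	}
}
```

Running it reports only app-default.log; the file created with an explicit 0600 never shows up, whatever the umask happens to be.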
Medium: containerd
Issue Overview: A flaw was found in containerd. Credentials may be leaked during an image pull. CVE-2020-15157 Affected Packages: containerd Issue Correction: Run yum update containerd or yum update --advisory ALAS-2021-1555 to update your system. New Packages: src: ...
CVE-2022-21685
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
A week in security (January 3 – 9)
Last week on Malwarebytes Labs: Ransomware attacks Finalsite, renders 8,000 school sites unreachable for days Patchwork APT caught in its own web Sophisticated phishing scheme spent years robbing authors of their unpublished work Google and Facebook fined $240 million for making cookies hard to...
$10m of funds goes missing in what appears to be a cryptocurrency rug-pull
There’s a lot of concern in the cryptocurrency realm at the moment. A yield farming platform "utilizing arbitrage to gain optimal yield with low risk" has gone AWOL. Site down, Twitter account deleted, no word from the team behind it explaining what happened. Worst of all, some $10 million worth ...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j log4shell CVE-2021-44228 Public IoCs list Public IoCs...
Timelock delay can be changed without any delay
Handle 0x0x0x Vulnerability details Impact Delay can be changed without any delay. Therefore, it is possible to call functions from this contract in a single block by changing the delay. This creates a huge attack vector, since if the governor's private keys were stolen, everything could be withdrawn...
GHSA-MC8V-MGRF-8F4M Clarify Content-Type handling
Impact In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the...
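To make the ambiguity in this advisory concrete, here is an added Go example; it is not code from the OCI Distribution Specification or from any registry. ClassifyByHeader reproduces the Content-Type-only behaviour: the same bytes (and therefore the same digest) are an image index when pushed with the index media type and an image manifest when pushed with the manifest media type. ClassifyStrict is one hardening written for this example, not the spec's own resolution: derive the type from the body, refuse documents that carry both "manifests" and "layers", and require the Content-Type header and any embedded mediaType field to agree with that derivation. The sample documents are constructed and their digests are placeholders.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Media types from the OCI image spec for the two document kinds involved.
const (
	MediaTypeImageManifest = "application/vnd.oci.image.manifest.v1+json"
	MediaTypeImageIndex    = "application/vnd.oci.image.index.v1+json"
)

var (
	ErrAmbiguous = errors.New("document carries both manifests and layers")
	ErrMismatch  = errors.New("declared media type disagrees with document shape")
	ErrUnknown   = errors.New("cannot determine document type from body")
)

// shape records only the top-level facts needed for classification.
type shape struct {
	mediaType    string
	hasManifests bool
	hasLayers    bool
}

// inspect decodes the top level of the document without trusting any header.
func inspect(body []byte) (shape, error) {
	var top map[string]json.RawMessage
	if err := json.Unmarshal(body, &top); err != nil {
		return shape{}, err
	}
	var s shape
	if raw, ok := top["mediaType"]; ok {
		if err := json.Unmarshal(raw, &s.mediaType); err != nil {
			return shape{}, err
		}
	}
	_, s.hasManifests = top["manifests"]
	_, s.hasLayers = top["layers"]
	return s, nil
}

// ClassifyByHeader reproduces the weak behaviour: the body is never consulted,
// so the same bytes become an index or a manifest depending on the request.
func ClassifyByHeader(contentType string, body []byte) (string, error) {
	switch contentType {
	case MediaTypeImageManifest, MediaTypeImageIndex:
		return contentType, nil
	}
	return "", ErrUnknown
}

// ClassifyStrict derives the type from the body, rejects documents that could
// be read either way, and requires the header and any embedded mediaType to
// agree with the derivation. (Hardening written for this example.)
func ClassifyStrict(contentType string, body []byte) (string, error) {
	s, err := inspect(body)
	if err != nil {
		return "", err
	}
	if s.hasManifests && s.hasLayers {
		return "", ErrAmbiguous
	}
	var derived string
	switch {
	case s.hasManifests:
		derived = MediaTypeImageIndex
	case s.hasLayers:
		derived = MediaTypeImageManifest
	default:
		return "", ErrUnknown
	}
	if s.mediaType != "" && s.mediaType != derived {
		return "", ErrMismatch
	}
	if contentType != "" && contentType != derived {
		return "", ErrMismatch
	}
	return derived, nil
}

// Constructed inputs; the digests are placeholders, not real content hashes.
var (
	// Carries BOTH fields: the ambiguous document the advisory describes.
	AmbiguousDoc = []byte(`{"schemaVersion":2,
	  "manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:aaaa","size":1}],
	  "layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:bbbb","size":1}]}`)
	// A well-formed manifest that declares its own media type.
	ManifestDoc = []byte(`{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json",
	  "config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:cccc","size":1},
	  "layers":[]}`)
)

func main() {
	for _, ct := range []string{MediaTypeImageIndex, MediaTypeImageManifest} {
		weak, _ := ClassifyByHeader(ct, AmbiguousDoc)
		_, strictErr := ClassifyStrict(ct, AmbiguousDoc)
		fmt.Printf("Content-Type %s\n  header-only: %s\n  strict: %v\n", ct, weak, strictErr)
	}
	typ, err := ClassifyStrict(MediaTypeImageManifest, ManifestDoc)
	fmt.Println("well-formed manifest:", typ, err)
}
```

The header-only path accepts AmbiguousDoc under both media types, which is exactly what lets one blob be pushed as an index and later pulled as a manifest (or the reverse) while keeping the same digest; the strict path rejects it up front and also catches a manifest pushed under the index media type.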