1697 matches found
CVE-2022-24337
CVE-2022-24337 affects JetBrains TeamCity prior to 2021.2, where health items from pull requests could be exposed to users without the necessary permissions. The issue is documented across multiple sources (NVD entry, Red Hat and CNVD mirrors, and JetBrains security bulletin), all confirming the ...
JetBrains TeamCity Access Control Error Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. A security vulnerability exists in JetBrains TeamCity, which stems from the...
Review your security vulnerabilities in GitHub with code scanning alerts
Today, for GitHub repositories, our SAST analysis provides fast, precise security feedback directly inside your pull requests. You instantly know how many vulnerabilities are detected and, until now, you would systematically go to SonarCloud to start investigating. Not anymore. From this point...
Arbitrary Code Execution in Docker
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...
GHSA-742W-89GC-8M9C containerd v1.2.x can be coerced into leaking credentials during image pull
Impact If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign layer”, the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 o...
Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")
Lines of code Vulnerability details The contest explicitly asks to analyze the contract for "Rug Vectors", so that is what this issue is about. Note to reviewers: This issue lists maybe 7 different problems and recommends different fixes. I could have made seven separate issues for each, but it wou...
Owner never calls finalize() = rug pull
Lines of code Vulnerability details Impact In order for users to claim their promised tokenOut tokens, the contract owner must call the finalize function. If the owner never calls the finalize function, no user can call the claim function to get their tokens. The owner can call the sweep function...
Zero tokenOut balance = rug pull
Lines of code Vulnerability details Impact The only time that the Badger Citadel contract checks that the balance of tokenOut is greater than or equal to totalTokenOutBought is in the finalize function, which happens at the end of the sale. A contract owner can start a token sale but never send...
CVE-2021-46101
In Git for Windows through 2.34.1, when using git pull to update the local warehouse, git.cmd can be run directly...
ALPINE-CVE-2021-46101
In Git for Windows through 2.34.1, when using git pull to update the local warehouse, git.cmd can be run directly...
Design/Logic Flaw
In Git for Windows through 2.34.1, when using git pull to update the local warehouse, git.cmd can be run directly...
Git Security Vulnerability
Git is a free, open source distributed version control system. Git for Windows has a security vulnerability that stems from updating local repositories using git pull in Git for Windows up to 2.34.1, in which git.cmd can be run directly...
Ninjasworkout - Vulnerable NodeJS Web Application
Damn Vulnerable NodeJS Application. Quick Start: download the repo and run npm i. After installing all dependencies, just run the application with node app.js or nodemon app.js. Added bugs: Prototype Pollution, No SQL Injection, Cross site Scripting, Broken Access Control, Broken Session Management, Weak Regex...
Users shouldn't be forced into a specific strategy (possible rug pull)
Handle harleythedog Vulnerability details Impact As already discussed in the previous Sherlock C4 contest here, it is best to mitigate rug pull possibilities even if the team is well intentioned, there is still the risk of being called out, and less users might interact with the project if the...
Researchers warn of new Rug Pull scam through fraudulent crypto tokens
By Deeba Ahmed. Another day, another Rug Pull scam that involves exploiting a smart contract vulnerability. Scammers are exploiting misconfigurations in… This is a post from HackRead.com.
Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams
Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Chec...