Lucene search
+L

217 matches found

Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.3 views

PT-2023-6096

Name of the Vulnerable Software and Affected Versions Apache ZooKeeper versions prior to 3.7.2 Apache ZooKeeper versions prior to 3.8.3 Apache ZooKeeper versions prior to 3.9.1 Description The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeepe...

9.1CVSS6.8AI score0.01713EPSS
Exploits0References179
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.7 views

Inactive Orchestrators and delegators's vote still counts towards as effective when calculating the quota and quorum

Lines of code Vulnerability details Impact Inactive Orchestrators and delegators's vote still counts towards as effective when calculating the quota and quorum Proof of Concept According to the documentation, one of the priorty is to ensure the code implementation matches the LIP specification...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.12 views

The quorum calculation in the _quorumReached() function is inconsistent and could allow abstain votes to prevent a proposal from reaching quorum even if most participating voters are in favor

Lines of code Vulnerability details Impact This allows abstain voters to effectively veto a proposal, even if most participating voters approve it. Proof of Concept The quorum numerator and denominator are inconsistent. The quorum uses totalVotes for the denominator which includes abstains. But t...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.12 views

getPastCirculatingSupply() returns the ARB token supply instead of circulating votes supply

Lines of code Vulnerability details Bug Description In ArbitrumGovernorVotesQuorumFractionUpgradeable, the getPastCirculatingSupply function is used when calculating quorum for proposals: ArbitrumGovernorVotesQuorumFractionUpgradeable.solL31-L35 /// @notice Get "circulating" votes supply; i.e.,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.12 views

Malicious user can create an harmful proposal and execute it by setting a very low quorum .

Lines of code Vulnerability details Impact Malicious user can create an harmful proposal and execute it by setting a very low quorum . Which can lead to very bad consequences . Proof of Concept When creating a proposal, quorum is calculation logic looks like this : // get the quorum requirement f...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.8 views

A minimum of 1/3 of total esLBR supply required for the proposal to pass

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. If a quorum is set too high, the minimum number of cast voted required for a proposal to be successful would be harder to reach. Proof of Concept Provide direct links to all referenced code in GitHub. A...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.11 views

User can manipulate approvals and disapprovals of relative quorum strategy

Lines of code Vulnerability details Impact A malicious user with sufficient permissions can manipulate approvals and disapprovals of actions using the relative quorum strategy. They could effectively ensure that any action has an 100% chance of being approved or disapproved, even when the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.14 views

Role might be granted and revoked at the same block to manipulate the role supply and result in incorrect behavior of relative strategy

Lines of code Vulnerability details Impact There is a potential issue where a role can be granted, votes can be cast, and then the role can be revoked in the same block. This can lead to incorrect behavior of relative strategy in manipulating the vote supply. The problem arises because the role...

6.7AI score
Exploits0
Rockylinux
Rockylinux
added 2023/04/06 3:52 p.m.34 views

corosync-qdevice bug fix and enhancement update

An update is available for corosync-qdevice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The corosync-qdevice package contains the Corosync Cluster Engine...

6.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.103 views

Security Bulletin: Vulnerability in IP Quorum affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the IP Quorum feature on IBM Spectum Virtualize may lead to loss of confidentiality in private communications between the management GUI and clients. It is recommended that administrators upgrade to a fixed code level, request a new system certificate and redeploy the I...

5.9CVSS5.7AI score0.00554EPSS
Exploits0Affected Software10
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.3 views

SUSE CVE-2018-8012

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader...

7.5CVSS7.8AI score0.08724EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2022/11/29 12:0 a.m.33 views

pcs security update

0.10.14-5.0.1 - Replace HAM-logo.png with a generic one 0.10.14-5 - Fixed ruby socket permissions - Resolves: rhbz2116838 0.10.14-4 - Fixed enable sbd from webui - Resolves: rhbz2117650 0.10.14-3 - Fixed pcs quorum device remove - Resolves: rhbz2115326 0.10.14-2 - Fixed booth ticket mode value ca...

8.8CVSS1.4AI score0.01825EPSS
Exploits1
Code423n4
Code423n4
added 2022/09/15 12:0 a.m.11 views

Initial spam of proposals

Lines of code Vulnerability details Impact In the initial phase, when not many tokens are minted, a malicious actor can start submitting proposals and later execute them. E.g. when the first token is minted, this first owner can instantly submit proposals to retrieve all the eth back from the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.8 views

Division before multiplication can lead to precision errors

Lines of code Vulnerability details Impact Since we are working with integer, if we divide before multiply, it can lead to precision errors. In this case, it can lead to error in quorum votes calculation in dynamicQuorumVotes function, allowing proposal be succeeded easier since quorumVote is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.12 views

Dynamic quorum votes parameters for a proposal (Proposal A) are changed according to another proposal (Proposal B) that proposes to update dynamic quorum votes parameters when Proposal B is executed after Proposal A is created in the same block

Lines of code Vulnerability details Impact The following writeQuorumParamsCheckpoint function is used to record dynamic quorum votes parameters at a block of interest. function writeQuorumParamsCheckpointDynamicQuorumParams memory params internal uint32 blockNumber = safe32block.number, 'block...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.9 views

Votes which guarantee a majority for-vote can still result in a defeated proposal

Lines of code Vulnerability details Impact The current quorum logic in NounsDAOLogicV2.sol and NounsDAOLogicV1.sol seems undesirable. High, even complete, voter turnout may still not favour a majority for-vote, while a majority against-vote always wins, no matter how low the turnout is even zero...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.9 views

NounsDAOLogicV2's state() and proposals() will use initial dynamic params for all V1 proposals

Lines of code Vulnerability details state and proposals call quorumVotesid that utilize initial dynamic params for all V1 proposals by misusing 0 as a proposal creation block. I.e. new field is referenced while it is zero for all V1 proposals. This way all V1 proposals will use the same initial s...

6.7AI score
Exploits0
OSV
OSV
added 2022/08/18 6:48 p.m.40 views

GHSA-XRC4-737V-9Q75 OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals

Impact This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirement, past proposals ma...

7.5CVSS7.4AI score0.00648EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/18 6:48 p.m.34 views

OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals

Impact This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirement, past proposals ma...

7.5CVSS7.3AI score0.00648EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2022/08/02 10:34 a.m.25 views

Business Logic Flaws

OpenZeppelin Contracts has business logic flaw. The vulnerability exists due to a lack of sanitization of past quorum allowing it to be executable when a new quorum meets the smart contract's requirement...

7.5CVSS7.2AI score0.00648EPSS
Exploits0References3Affected Software4
Rows per page
Query Builder