CLSA-2025-1757148344 Update of kernel

Rebased FIPS patches to 5.14.0-570.35.1...

mod_proxy_cluster security update

1.3.22-1.el96.1 - Resolves: RHEL-81070 Rebase modproxycluster to upstream 1.3.22.Final release 1.3.20-1 - Rebase modcluster to upstream 1.3.20.Final tag - Related: RHEL-27497 - Rebase to upstream 1.3.20.Final release...

php:8.2 security update

php 8.2.28-1 - rebase to 8.2.28 8.2.25-1 - rebase to 8.2.25 RHEL-65837 8.2.13-1 - rebase to 8.2.13 RHEL-14699 - add %phpize and %phpconfig macros - move httpd/nginx wants directives to config files in /etc - php-fpm.conf: move include directive after global section following upstream example,...

CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

virt:ol and virt-devel:rhel security and enhancement update

hivex libguestfs 1.44.0-9.0.2 - libguestfs.spec: Add btrfs-progs RPM to appliance Orabug: 35634755 1.44.0-9.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX correspeonding to ol 1:1.44.0-9 - Fix...

Fee-on-transfer/rebasing tokens will have problems when swapping

Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...

Fee-on-transfer/rebasing tokens will have problems when swapping

Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...

Fee-on-transfer/rebasing tokens will have problems when swapping

Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...

Upgraded Q -> 2 from #293 [1676241639792]

Judge has assessed an item in Issue 293 as 2 risk. The relevant finding follows: 01 USER CAN POSSIBLY TRANSFER NO token0 OR token1 TO TimeswapV2Option CONTRACT IF CORRESPONDING token0 OR token1 IS A REBASING TOKEN When calling the following TimeswapV2Option.mint function, msg.sender uses the...

MultiRewardEscrow.claimRewards() can break for rebasing tokens

Lines of code Vulnerability details Rebasing tokens make balanceOf modifications arbitrarily e.g: Aave share tokens. If such token is used in an escrow, the balance could become insufficient at the time of claiming rewards, making it impossible to claim rewards for that escrow. Impact Medium Proo...

Incompatibility With Rebasing/Deflationary/Inflationary tokens

Lines of code Vulnerability details Impact The Maverick AMM does not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the...

Logic in SpigotLib will not work with rebasing tokens

Lines of code Vulnerability details Proof of Concept Some tokens may make arbitrary balance modifications outside of transfers e.g. Ampleforth style rebasing tokens, Compound style airdrops of governance tokens, mintable / burnable tokens. The code in the claimEscrow function uses a previously...

PT-2022-37530 · Opensuse +3 · Containerized-Data-Importer

Name of the Vulnerable Software and Affected Versions: containerized data importer images affected versions not specified Description: The issue is related to security problems that are resolved by rebasing the containers against the current base images. No specific details about the nature of th...

Rebasing tokens as Base tokens for the auction could be stuck in the contract or mean loss of funds for the las person to withdraw

Lines of code Vulnerability details Impact Use of rebasing tokens is not checked and could result it stuck funds, inability to cancel an Auction or withdraw due amounts of base token for the last one to call withdraw Proof of Concept If a rebasing token is used for the base token the balance held...

DoS with underlying Rebasing/Deflationary tokens

Lines of code Vulnerability details M -01 Issues with underlying Rebasing/Deflationary tokens Problem When underlying token is Rebasing/Deflationary at some point users will not be able to withdraw, because of the rebasing mechanics balance of tokens of the smart contract may change over time and...

Rebasing tokens can ruin the claiming

Lines of code Vulnerability details Rebasing tokens has the ability to use all the funds before all the recipients fulfilled their vestings. This can happen as the system records balance in nominals terms, while it can be rebased thereafter, which will create a discrepancy with system's accountin...

Fund migration should trigger a rebase to prevent missing out on potential rewards

Lines of code Vulnerability details Impact Rebasing allows the protocol to "distribute" profit/rewards to Yieldy and Foxy token holders by increasing the supply of tokens and increasing the balance of each token holder relative to the token balance creditBalances. The order of rebasing and...

The VotingEscrow steals depositor's rebasing tokens' rewards

Lines of code Vulnerability details Rebasing tokens are tokens that have each holder's balanceof increase over time. This ability of user's balances to grow is a way that some tokens provide rewards to the current holders. Aave aTokens are an example of such tokens. Impact Because the VotingEscro...

Rebasing tokens lock excess balance in contract

Lines of code Vulnerability details Rebasing tokens lock excess balance in contract If a vault is created with a rebasing ERC20 as its token, additional balance accrued through rebases while the token is owned by the vault may be locked in the contract. If the rebasing token balance decreases whi...

Fee-on-transfer/rebalancing tokens are not supported

Lines of code Vulnerability details Impact Some ERC20 tokens make modifications to their ERC20's transfer or balanceOf functions. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Others are rebasing tokens that increase in value over ti...