Setting Factory.bondPercentDiv to zero causes Denial of Service in Auction.bondForRebalance()
Handle pants Vulnerability details The function Factory.setBondPercentDiv allows the owner to set the state variable Factory.bondPercentDiv to zero. Impact If Factory.bondPercentDiv equals zero then the function Auction.bondForRebalance will always revert due to a division by zero: bondAmount =...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Path traversal and file disclosure vulnerabilit...
Two Way Chat < 3.1.5 - Admin+ Local File Inclusion
The plugin does not properly sanitise and validate user input before using in require statements, leading to Local File Inclusion issues PoC https://example.com/wp-admin/admin.php?page=TWCHsettings=../../index https://example.com/wp-admin/admin.php?page=TWCHsettings=Float=../../index...
Router has an arbitrary send
Handle heiho1 Vulnerability details Impact Router.sol line 221 has an arbitrary-send of iBEP20(token).transfer(recipient, amount). The call ignores the transfer result. This is a brittle implementation because it relies on the boolean return value being hard-coded to true. Further, if a token...
Pool has unchecked transfers
Handle heiho1 Vulnerability details Impact Pool.removeForMember(address), Pool.swapTo(address,address) and Pool.burnSynth(address,address) on lines 198, 199, 224, 250, and 253 ignore the boolean return on transfers. This is a brittle implementation because it relies on the boolean return value being...
Underflow problems occurring when a token has >18 decimals
Handle tensors Vulnerability details Impact The contracts assume that all tokens will have <=18 decimals. If the Tracer team are the only people deploying the contracts, and they keep this in mind, this isn't a problem. If the contracts are to be deployed by other people, this assumption should be...
Unchecked token transfers
Handle Lucius Vulnerability details Impact The functions transferFrom/transfer do not revert on failure and instead simply return false. Without checks on the return values, the transfers could potentially fail silently, allowing unexpected issues with certain token pools. E.g. if a user calls depos...
UBUNTU-CVE-2021-34825
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system...
Should reset timelockERC721s after calling transferERC721
Handle shw Vulnerability details Impact The function transferERC721 does not reset timelockERC721s after the NFT is transferred. If the same NFT token is time-locked again but with a different recipient, the recipient could not transfer the time-locked NFT by calling transferERC721 since he...
CVE-2021-33041
vmd through 1.34.0 allows ‘div class=“markdown-body”’ XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS. Recent assessments: nu11secur1ty at July 10, 2021 9:46pm UTC reported: CVE-2021-33041 If someone...
Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom
Handle 0xRajeev Vulnerability details Impact It is good to add a require statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause...
CVE-2021-0272
A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C...
Code Injection in script-manager
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
Updated gnuplot packages fix a security vulnerability
Double free when executing print_set_output (CVE-2020-25559). Additionally, a missing require for gnuplot has been added to the gnuplot-qt package...
idm:DL1 and idm:client security, bug fix, and enhancement update
bind-dyndb-ldap 11.3-1 - New upstream release - Resolves: rhbz1845211 ipa 4.8.7-12.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 4.8.7-12 - Require selinux sub package in the proper version Related: RHBZ1868432 - SELinux: do not double-define nodet and pkitomcatcertt...
Error: "Your logon has expired. Please log on again to continue." When Users Logon to StoreFront 1.2
After IT Administrators set the ‘requireTokenConsistency’ parameter to ‘true’ in StoreFront’s ‘store’ configuration file C:\inetpub\wwwroot\Citrix\Web.config, users might not be able to access the resources. This feature is used to allow SmartAccess conditions to be passed from StoreFront...
Remote Code Execution in next
Versions of next prior to 5.1.0 are vulnerable to Remote Code Execution. The /path: route fails to properly sanitize input and passes it to a require call. This allows attackers to execute JavaScript code on the server. Note that prior version 0.9.9 package next npm package hosted a different...
Malicious Package in require-port
Version 1.0.0 of require-port contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a backdoo...
GHSA-88H9-FC6V-JCW7 Unintended Require in larvitbase-www
All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to a require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is currently...