3794 matches found
No slippage control on _swapUnderlyingToUst of NonUSTStrategy.sol
Handle: cccz. Vulnerability details. Impact: There is no slippage control on _swapUnderlyingToUst of NonUSTStrategy.sol, which exposes the strategy to sandwich attacks. Due to the access control of doHardWork, the attacker can front run to do a sandwich attack. function doHardWork() external...
run-down.com Cross Site Scripting vulnerability OBB-2319854
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-35232
Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...
PT-2021-14828 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma
Name of the Vulnerable Software and Affected Versions: Garrett Metal Detectors iC Module CMA version 5.0. Description: An authentication bypass issue exists in the CMA run server 6877 functionality. A properly-timed network connection can lead to authentication bypass via session hijacking. An...
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE) not the upstream Avahi product.
...
UniV3Vault.sol#collectEarnings() can be front run
Handle: WatchPug. Vulnerability details: For UniV3Vault, it seems that lp fees are collected through collectEarnings() callable by the strategy and reinvested (rebalanced). However, in the current implementation, unharvested yields are not included in tvl, making it vulnerable to front-run attacks that...
A vulnerability in the implementation of the runAgentRestarter method in the Avalanche mobile device management system allows an attacker to execute arbitrary commands.
The vulnerability in the runAgentRestarter method of the Avalanche mobile device management system stems from insufficient sanitization of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted data...
purchaseArbitrageTokens() can be front run
Handle: WatchPug. Vulnerability details: The current implementation of purchaseArbitrageTokens provides no parameter for slippage control, making it vulnerable to front-run attacks. function purchaseArbitrageTokens(uint256 amount) external notSameBlock { ... uint256 purchased =...
splitReinvest() can be front run
Handle: WatchPug. Vulnerability details: function splitReinvest(uint256 rewardLiquidity) external { retrieveReward(rewardLiquidity); uint256 rewardBalance = rewardToken.balanceOf(address(this)); rewardToken.safeTransfer(address(dexHandler), rewardBalance.div(2)); dexHandler.buyMalt(); bondAccount(msg.sender); emit...
Sunnet eHRD Security Vulnerability
Sunnet eHRD is a talent management system from SunChat Technology, Taiwan, China. The system supports talent management and performance management, etc. Sunnet eHRD has an access control error vulnerability, which can be exploited by an attacker to access the account management page after...
VulnCheck KEV: CVE-2017-6079
The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side...
setReserve() can be front-run
Handle: palina. Vulnerability details. Impact: The reserve address variable in NestedFactory.sol remains equal to 0 before the setReserve function is called by an owner. This may lead to incorrect transfers of tokens or invalid comparison with e.g., the asset reserve nestedRecords.getAssetReservenftI...
IbbtcVaultZap.sol#deposit() can be front run
Handle: WatchPug. Vulnerability details: function deposit(uint256[4] calldata amounts) public whenNotPaused { // ... } Given that IbbtcVaultZap.sol#deposit() will add liquidity to the curve pool, and the amount out differs when the price of tokens in the pool changes. However, the current implementation provid...
PT-2021-8180 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a use-after-free error in the Linux kernel's sched/fair component. This error occurs when the unregister fair sched group function unlinks all cfs rqs from a...
python-pillow: Buffer over-read in SGI RLE image reader
A flaw was found in python-pillow. SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
CVE-2021-43173
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...
CVE-2021-43172
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of anoth...
Design/Logic Flaw
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...
CVE-2021-43172 Infinite length chain of RRDP repositories
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of anoth...