Users can lose eth when contributing.
Impact: When contributing in InitialETHCrowdfund, if minting adjusts the voting power for that user to cap it at totalVotingPower, the user does not get refunded the ETH they lost. Proof of Concept: PartyGovernanceNFTmint caps the mintedVotingPower at...
CVE-2023-46798
...
Input validation
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223...
[SECURITY] Fedora 39 Update: bind9-next-9.19.17-1.fc39
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...
CVE-2023-45335
...
CVE-2023-45014
...
sportbootzentrum.de Improper Access Control vulnerability OBB-3771453
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-44485
...
In for a penny, in for ten quadrillion dollars
Impact: StakedUSDeV2 can be bricked for a penny. Proof of concept: The checkMinShares requirement called after any deposit and withdrawal function checkMinShares internal view uint256 totalSupply = totalSupply; if totalSupply 0 && totalSupply MINSHARES revert...
Precision issue: EthenaMinting:mint() allows users to steal funds.
Impact: In the EthenaMinting:mint function of the contract, a call is made to the transferCollateral function. This function calculates the transfer amount using the formula uint256 amountToTransfer = amount * ratios[i] / 10000;. However, it does not account for...
GHSA-GR82-8FJ2-GGC3 XWiki Platform XSS vulnerability from account in the create page form via template provider
Impact: An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation, which can be triggered by sending the user to a URL...
CVE-2023-5044 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
About the security content of watchOS 10.1
This document describes the security content of watchOS 10.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...
Improper Input Validation
pdm is vulnerable to Improper Input Validation. The vulnerability exists in the readlockfile function at repositories.py due to a lack of input validation, which allows an attacker to trick a user into installing a malicious open source PyPI package...
[SECURITY] Fedora 38 Update: mvfst-2023.10.16.00-1.fc38
mvfst (pronounced "move fast") is a client and server implementation of the IETF QUIC protocol in C++ by Facebook. QUIC is a UDP based reliable, multiplexed transport protocol that will become an internet standard. The goal of mvfst is to build a performant implementation of the QUIC transport protocol...
Rocky Linux 9 : php (RLSA-2023:5926)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5926 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify function may accept some invalid Blowfish hashes as valid. If...
The function _validateExecutionRequest checks the valid executor account by the address of the account given in call data instead of msg.sender, which is really easily exploitable
Impact: The function validateExecutionRequest checks the valid executor account by the address of the account given in call data instead of msg.sender, which is really easily exploitable. If you look at the function function validateExecutionRequestExecutionRequest...
Exim < 4.96.2 Multiple Vulnerabilities
According to its banner, the version of Exim running on the remote host is prior to 4.96.2. It is, therefore, potentially affected by multiple vulnerabilities: - Improper Neutralization of Special Elements CVE-2023-42117 - dnsdb Out-Of-Bounds Read CVE-2023-42119 Note that Nessus has not tested fo...
CVE-2023-22123
...
CVE-2023-22109
...