34 matches found
EUVD-2014-7648
Malware in sbrugna...
EUVD-2011-3387
Malware in sbrugna...
EUVD-2022-33062
Malicious code in bioql PyPI...
CVE-2022-28620
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware...
Configure Virtual Channel Allow List for Epic Slingshot and Epic Warp Drive
The Virtual Channel Allow List feature has been enabled by default as of CVAD 2109 and has been carried forward to CVAD 2203 LTSR. When the allow list is enabled, Epic Slingshot and Epic Warp Drive require configuration of the Virtual Channel Allow List for their associated virtual channels to...
Authentication flaw
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware...
CVE-2022-28620
CVE-2022-28620 is a remote authentication bypass affecting HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX supercomputers. Affected firmware/versions include: node controller firmware for HPE Cray EX liquid-cooled blades; chassis controller firmware in HPE Cray EX liquid-c...
HPE Cray Legacy Shasta Authorization Issue Vulnerability
HPE Cray Legacy Shasta is a supercomputer from Hewlett Packard Enterprise (HPE). It can handle the new large-scale convergent modeling that is currently available. A security vulnerability exists in HPE Cray Legacy Shasta that an attacker can exploit remotely to bypass authentication,...
PT-2022-19108 · Hewlett Packard · Hpe Cray Ex Supercomputers +2
Name of the Vulnerable Software and Affected Versions: HPE Cray Legacy Shasta System Solutions versions prior to node controller firmware associated with HPE Cray EX liquid cooled blades; HPE Slingshot versions prior to 1.7.2; HPE Cray EX supercomputers versions prior to 1.6.27/1.5.33/1.4.27...
Admin can abuse grantSlingshot and steal user funds
Handle: kenzo. Vulnerability details: After user has .approved ApprovalHandler, admin can grantSlingshot himself, and then call ApprovalHandler.transferFrom with parameters that will transfer all tokens to himself before the user calls Slingshot's executeTrades. Although this vulnerability requires ...
Contract Selfdestruct via delegatecall
Handle: elprofesor. Vulnerability details. Impact: Using a malicious Module the ModuleRegistry admin can trigger a selfdestruct via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. Executioner.sol reli...
Inconsistent balance comparison of nativeToken in executeTrades
Handle: kenzo. Vulnerability details: When toToken == nativeToken, executeTrades compares Executioner's starting nativeToken balance to Executioner's ending wrappedNativeToken balance. Impact: Loss of user funds or DOS of executeTrades: if there is extra ETH in Executioner contract, finalOutputAmount...
Trades where toToken is feeOnTransferToken might send user less tokens than finalAmountMin
Handle: kenzo. Vulnerability details: Slingshot's executeTrades checks that the trade result amount to be sent to the user is bigger than finalAmountMin, and after that sends the user the amount. But if the token charges fee on transfer, the final transfer to the user will decrease the amount the us...
Incorrect calculation of initialBalance in Slingshot.executeTrades()
Handle: daejunpark. Vulnerability details. Impact: The Slingshot.executeTrades incorrectly calculates initialBalance when toToken == nativeToken. It should have been the balance of wrapped native tokens e.g., WETH, rather than that of native currencies e.g., Ether. This incorrect behavior introduces...
Leftover balance in the Executioner contract can be drained
Handle: gzeon. Vulnerability details. Impact: Leftover balance in the Executioner contract can be drained by swapping the target asset (native/erc20) into another asset. Slingshot.executeTrades allows user to execute trade using modules as long as the module is registered in the ModuleRegistry. The...
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others. The Windows Unified Extensible...
Cyber Espionage Campaign ‘Slingshot’ Targets Victims Via Routers
CANCUN, Mexico – Researchers have uncovered a new cyber-espionage threat, dubbed Slingshot, that targets routers and uses them as a springboard to attack computers within a network. Kaspersky Lab, which released details of its discovery during its Security Analyst Summit on Friday, said that the...
APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware
Security researchers at Kaspersky have identified a sophisticated APT hacking group that has been operating since at least 2012 without being noticed due to their complex and clever hacking techniques. The hacking group used a piece of advanced malware—dubbed Slingshot—to infect hundreds of...