168 matches found
Transaction-Order-Dependence race condition for approveTransferERC20()
Handle 0xRajeev Vulnerability details Impact Similar to ERC20 approve being susceptible to double-spend allowance due to front-running, approveTransferERC20 here is also susceptible. For reference, see . This is the classic ERC20 approve race condition where a malicious spender can double-spend...
A malicious receiver can cause another receiver to lose out on distributed fees by returning false for tokensReceived when receiveRewards is called on their receiver contract.
Handle janbro Vulnerability details Summary A malicious receiver can cause another receiver to lose out on distributed fees by returning false for tokensReceived when receiveRewards is called on their receiver contract. Risk Rating Medium Vulnerability Details A malicious receiver can cause anoth...
Electric Coin Company Zcashd Security Breach
Zcash is a decentralized open source data currency. Electric Coin Company Zcashd before 2.1.1-1 suffers from a security vulnerability that allows an attacker to trigger a consensus failure and double spend...
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis Information Disclosure Vulnerabilities
IBM Emptoris Contract Management is a web-based contract management software for managing and maintaining legal contracts between parties.IBM Emptoris Spend Analysis is a web-based information and management tool that supports organizations in consolidating spend data from dispersed and disparate...
CVE-2020-4897
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...
CVE-2020-4897
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...
Information disclosure
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...
CVE-2020-4897
CVE-2020-4897 affects IBM Emptoris Contract Management and IBM Emptoris Spend Analysis. The vulnerability arises from verbose application errors that reveal detailed information in browser responses, enabling an attacker to obtain sensitive data and potentially facilitate subsequent attacks. Affe...
CVE-2020-4897
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 安全漏洞
IBM Emptoris Contract Management is a web-based contract management software for managing and maintaining legal contracts between parties.IBM Emptoris Spend Analysis is a web-based information and management tool that supports organizations in consolidating spend data from dispersed and disparate...
Security Bulletin: Information Disclosure Vulnerability Affects IBM Emptoris Spend Analysis (CVE-2020-4897)
Summary Verbose application errors information disclosure affects IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-4897 DESCRIPTION: IBM Emptoris could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Thi...
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Spend Analysis (CVE-2020-11023, CVE-2020-11022)
Summary jQuery security vulnerabilities affect IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...
Three Cloud-First Akamai Initiatives to Support Your Cloud Journey
61% of organizations plan to focus on cloud migration this year. 93% have a multi-cloud strategy.1 This means that on average your organization is using 2.2 public clouds, multiplying your complexity and your costs. While the cloud has delivered on a lot of promises, it isn't getting simpler or...
Agoric: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS
Summary: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS Steps To Reproduce: I was curling random integers and found that I could do the following: json "type":"doEval","number":500,"body":"test"...
How Financial Apps Get You to Spend More and Question Less
You should never invest without fully understanding the risks, but tax prep and stock trading services often obfuscate the things you really need to know...
Ledger SAS Live Code Issue Vulnerability
Ledger SAS Live is a cryptocurrency wallet product from the French company Ledger SAS. A security vulnerability exists in Ledger SAS Live versions prior to 2.7.0. Unprocessed Bitcoin's Replacement of Fees RBF, which increases a user's balance with the value of an unconfirmed transaction immediate...
The Ultimate Security Budget Excel Template
Sound security budget planning and execution are essential for the CIO’s/CISO’s success. Now, for the first time, The Ultimate Security Budget Plan & Track Excel template download here provides security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that...
The Ultimate Security Budget Excel Template
Sound security budget planning and execution are essential for the CIO’s/CISO’s success. Now, for the first time, The Ultimate Security Budget Plan & Track Excel template download here provides security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that...
CVE-2019-4752
IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...
Sql injection
IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...