
6 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-39635

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.00024 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/23 7:54 a.m., 7 views

CVE-2024-42475

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

6.5 CVSS, 7 AI score, 0.00024 EPSS
Exploits 0, References 1

Snyk
added 2025/03/20 12:32 p.m., 3 views

Denial of Service (DoS)

Overview: pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Denial of Service (DoS) through the /api/v1/state endpoint of LightningApp. An attacker can cause the server to shut down by...

8.7 CVSS, 7.1 AI score, 0.00222 EPSS
Exploits 1, References 2

Vulnrichment
added 2024/08/15 6:40 p.m., 12 views

CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

6.5 CVSS, 6.9 AI score, 0.00024 EPSS
Exploits 0, References 2

Code423n4
added 2023/06/23 12:0 a.m., 10 views

The calculateWithExactInput uses the same state's values for all transactions in the block

Lines of code. Vulnerability details. Impact: The calculateWithExactInput uses the same state's values for all transactions. So all checks which should regulate swapped amounts will be broken. It can be a case of asset loss if there will be a significant amount of transactions in one block. Proof of...

6.8 AI score
Exploits 0

Veracode
added 2023/03/17 3:1 a.m., 18 views

Improper Access Control

ezsystems and ibexa/core are vulnerable to Improper Access Control. A remote attacker is able to bypass permissions and access unauthorized content due to faulty policy logic which doesn't limit the access to contents based on specific object state values...

9.8 CVSS, 8.9 AI score, 0.00428 EPSS
Exploits 0, References 6, Affected Software 3