4537 matches found
Router: Transferring Token to the Pair contract will cause future liquidity providers to lose funds
Lines of code Vulnerability details Impact Same as code-423n4/2022-01-elasticswap-findings146 In the current implementation, the amount of LP tokens to be minted when addLiquidity is calculated based on the ratio between the amount of newly added tokens and the reserve variable in the Pair...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=4.0.0 <=4.5.0) +67 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-sync (>=3.12.0 <=3.12.7)
org.mongodb:mongodb-driver-sync MAVEN version =3.12.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =3.0.0-alpha-15, =3.0.0-alpha-15, =4.5.0, =5.2.1, =5.2.1, =1.1.0.20221115, =1.5.0 and more Source cves: CVE-2021-20328 Source advisory: OSV:GHSA-RGHW-6PX2-FGWC...
ai.platon.commons:distributed-lock-example (>=1.4.2 <=1.4.3), ai.platon.commons:distributed-lock-mongo (>=1.4.2 <=1.4.3) +280 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-sync (>=4.1.0 <=4.1.1)
org.mongodb:mongodb-driver-sync MAVEN version =4.1.0, =1.4.2, =1.4.2, =1.6.6, =1.6.6, =20.3.4, =20.3.4, =20.3.4, =20.3.4, =20.3.4, =20.3.4, =20.3.4, =20.3.4, =20.3.4, =20.9.2-1 and more Source cves: CVE-2021-20328 Source advisory: OSV:GHSA-RGHW-6PX2-FGWC...
com.coditory.sherlock:sherlock-mongo-sync (=0.4.3), com.hazelcast.jet.contrib:mongodb (=0.2) +22 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-sync (>=3.11.0 <=3.11.2)
org.mongodb:mongodb-driver-sync MAVEN version =3.11.0, =0.0.1, =2.1.18, =2.1.18, =2.1.18, =2.0.0, =2.0.0, =2.0.0, =5.0.20.RC, =1.6.1, =3.11.0, =3.11.2 - org.mongojack:mongojack =2.10.1 and more Source cves: CVE-2021-20328 Source advisory: OSV:GHSA-RGHW-6PX2-FGWC...
GHSA-RH4W-94HH-9943 MutexGuard::map can cause a data race in safe code
Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. This could have led to data races in safe Rust code when a closure used in MutexGuard::map returns U that is unrelated to T. The issue was...
GHSA-5R9G-J7JJ-HW6C Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled...
Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled...
MutexGuard::map can cause a data race in safe code
Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. This could have led to data races in safe Rust code when a closure used in MutexGuard::map returns U that is unrelated to T. The issue was...
appian-locust (>=0.0.2 <=1.7.0), exact-sync (>=0.0.39 <=0.0.40) +2 more potentially affected by CVE-2020-28364 via locust (>=1.0.0 <=1.1.0)
locust PYPI version =1.0.0, =0.0.2, =0.0.39, =0.0.29, =0.4.0, =0.5.0 Source cves: CVE-2020-28364 Source advisory: OSV:GHSA-VQXW-9PG7-V7V9...
com.openshift.jenkins:openshift-pipeline (>=1.0.22 <=1.0.57), io.fabric8.jenkins.plugins:openshift-sync (>=0.0.8 <=1.0.45) potentially affected by CVE-2020-2308 via org.csanchez.jenkins.plugins:kubernetes (>=0.10 <=1.18.2)
org.csanchez.jenkins.plugins:kubernetes MAVEN version =0.10, =1.0.22, =0.0.8, =1.0.45 Source cves: CVE-2020-2308 Source advisory: OSV:GHSA-RR6J-37CV-C7X7...
com.openshift.jenkins:openshift-pipeline (>=1.0.22 <=1.0.57), io.fabric8.jenkins.plugins:openshift-sync (>=0.0.8 <=1.0.45) potentially affected by CVE-2020-2307 via org.csanchez.jenkins.plugins:kubernetes (>=0.10 <=1.18.2)
org.csanchez.jenkins.plugins:kubernetes MAVEN version =0.10, =1.0.22, =0.0.8, =1.0.45 Source cves: CVE-2020-2307 Source advisory: OSV:GHSA-FH5W-P2J4-4P8X...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +38 more potentially affected by CVE-2020-2181 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.18)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2020-2181 Source advisory: OSV:GHSA-43J2-R4V3-M8JP...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: OSV:GHSA-J7GW-MWFG-VQF4...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: SNYK:JAVA-ORGJENKINSCIPLUGINS-9402853...
CVE-2022-31245
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs...
Design/Logic Flaw
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs...
com.openshift.jenkins:openshift-pipeline (>=1.0.22 <=1.0.57), io.fabric8.jenkins.plugins:openshift-sync (>=0.0.8 <=1.0.45) potentially affected by CVE-2018-1000187 via org.csanchez.jenkins.plugins:kubernetes (>=0.10 <=1.18.2)
org.csanchez.jenkins.plugins:kubernetes MAVEN version =0.10, =1.0.22, =0.0.8, =1.0.45 Source cves: CVE-2018-1000187 Source advisory: OSV:GHSA-V67X-GPG7-MWV3...
com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2015-2944 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)
org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2015-2944 Source advisory: OSV:GHSA-RXVX-44W5-44R7...