The same console addresses on other chains can be captured by a compromised or malicious owner
Lines of code Vulnerability details Impact The same order of owner addresses generates the same console address on all chains. But any owner from the list can deploy console accounts on other chains with the threshold parameter equal to 1 and then change owners in these accounts, i.e. capture thes...
PT-2023-29347 · Unknown · Byconsole Wooodt Lite
Name of the Vulnerable Software and Affected Versions: ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin versions = 2.4.6 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicio...
AZL-31346 CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
PT-2023-23673 · Red Hat · Openshift Container Platform For Ibm Linuxone +4
Name of the Vulnerable Software and Affected Versions: undertow (affected versions not specified), jboss enterprise application platform (affected versions not specified), jboss enterprise application platform text-only advisories (affected versions not specified), openshift container platform affected...
Allowing price updates once in an epoch is extremely risky and opens the window to a lot of issues
Lines of code Vulnerability details Impact Protocol currently knows about how this could be an effect, since the comments to both previewDeposit and convertToShares suggest that any difference attached to this should be considered slippage, but measures are not taken to ensure that this slippage ...
CVE-2023-36980
An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold...
User will lose his funds forever if thresholds are not met.
Lines of code Vulnerability details Impact The mintIfThresholdMet function is called from the execute function while executing a bridging transaction. This function checks if thresholds are met and only mints tokens on the destination chain to the user if thresholds are met properly. However, the probl...
undertow: OutOfMemoryError due to @MultipartConfig handling
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass...
Any of the role setter, nominee vetter should not be a council (cohort) member.
Lines of code Vulnerability details Impact The privileged cohort member (council member) can influence the member addition, removal, rotating the nominee and excluding the nominee. The function of election can be rigged, arbitrary proposals can be passed. This is easy by the council member who has...
PT-2023-24237
Name of the Vulnerable Software and Affected Versions: Crypto wallets implementing GG18 or GG20 TSS protocol (affected versions not specified) Description: Crypto wallets using the GG18 or GG20 Threshold Signature Scheme (TSS) protocols are susceptible to an issue where an attacker can extract a full...
Lindell17 TSS Injection Vulnerability
tss-lib is an open source IO FinNet implementation of the multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder 2020 and EdDSA (Edwards Curve Digital Signature Algorithm). A security vulnerability exists in Lindell17 TSS that stems from allowing...
GG18 TSS and GG20 TSS Injection Vulnerabilities
tss-lib is an open source IO FinNet implementation of the multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder 2020 and EdDSA (Edwards Curve Digital Signature Algorithm). A security vulnerability exists in the GG18, GG20 TSS that stems from...
DEBIAN-CVE-2023-3773
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap...