50 matches found
Use of timestamp for comparisons
Lines of code Vulnerability details Impact The timestamp in use can be manipulated causing a logic bug in the checks performed Proof of Concept Tools Used slither Recommended Mitigation Steps use random number generation
Use Of block.timestamp Can Result In Attacker Manipulating His/Her Rewards In Their Favour
Lines of code Vulnerability details Impact If an attacker manipulates the block.timestamp in their favor then they can get higher rewards as uint256 rewards = u.rewards + u.lastBalance block.timestamp - u.lastUpdate in this equation let's say the attacker called this just now, and on the next...
Lack Of Proper Access Control Might Lead To User Getting Lesser Rewards
Lines of code Vulnerability details Impact We can call the function userAccrue for some other user and make their rewards less than they expect. In the function it calculates the rewards for a user that are being accrued over a period of time. The math to calculate how much reward a user has...
User can continuously accrue rewards they are not due
Lines of code Vulnerability details Impact It is possible that block.timestamp can be manipulated by a user, thus allowing a malicious user to continuously accrue rewards they are not due, as long as the value is not 0 then rewards will be accrued function userAccrueERC20 producerToken, address use...
EOAs and system contracts can be blocked from some actions by continuously transferring them zero LP tokens
Lines of code Vulnerability details Impact LPToken contains the map lastInteractedTimestamp which maps addresses to timestamps and is updated for from and to addresses after a token transfer. Many operations will check the last interaction time of an address and revert if it's too recent to comba...
Miners can influence the value of block.timestamp to perform Maximal Extractable Value (MEV) attacks.
Lines of code Vulnerability details Impact Miners can influence the value of block.timestamp to perform Maximal Extractable Value (MEV) attacks. The use of now creates a risk that time manipulation can be performed to manipulate price oracles. Miners can modify the timestamp by up to 900 seconds...
RHEL 8 : libreoffice (RHSA-2022:1766)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1766 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...
Moderate: Red Hat Security Advisory: libreoffice security, bug fix, and enhancement update
An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
libreoffice: Timestamp Manipulation with Signature Wrapping
A flaw was found in LibreOffice, where it inserted a signing timestamp. This flaw allows LibreOffice to present a valid signature due to the altered signing time. The highest threat from this vulnerability is to confidentiality and integrity...
ALSA-2022:1766 Moderate: libreoffice security, bug fix, and enhancement update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
RLSA-2022:1766 Moderate: libreoffice security, bug fix, and enhancement update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
libreoffice security, bug fix, and enhancement update
An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. LibreOffice is an open source, community-developed office productivity...
Moderate: libreoffice security, bug fix, and enhancement update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CentOS 8 : libreoffice (CESA-2022:1766)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1766 advisory. - libreoffice: Content Manipulation with Double Certificate Attack (CVE-2021-25633) - libreoffice: Timestamp Manipulation with Signature Wrapping...
user.creation is updated incorrectly when the user tries to extend membership
Handle WatchPug Vulnerability details if user.creation == 0 user.creation = block.timestamp; user.gracePeriod = membershipmsg.sender.creation + MEMBERSHIPDURATION + 60 days; else uint256 elapsedDurationPercentage = block.timestamp - user.creation 1 ether / MEMBERSHIPDURATION; if...
Apache OpenOffice Data Forgery Issue Vulnerability (CNVD-2021-84241)
Apache OpenOffice is an open source office software suite from the Apache Foundation of the United States. The suite contains text documents, spreadsheets, presentations, drawings, databases, and more. Versions of Apache OpenOffice prior to 4.1.10 are vulnerable to data forgery issues, which can be...
Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice
The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the...
CVE-2021-41831
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory...
Code injection
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory...
CVE-2021-41831 Timestamp Manipulation with Signature Wrapping
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory...