9 matches found
EUVD-2022-5015
Malicious code in bioql PyPI...
An attacker can manipulate the total active stake before calling reward() to get more rewards
Lines of code Vulnerability details Impact Attackers could drain rewards meant for other transcoders. Proof of Concept The key vulnerable code is in the reward function: This uses the transcoder's total stake earningsPool.totalStake and the total active stake currentRoundTotalActiveStake to...
Malicious users can manipulate the withdrawRound to withdraw their stake before the unbonding period is over.
Lines of code Vulnerability details Impact Disruption of the normal bonding incentives and mechanisms in the protocol. Validators or transcoders could withdraw unexpectedly, preventing governance responses to bonded token changes. Proof of Concept The withdrawStake function first checks if the...
The _newPosPrev/_newPosNext hints do not fully prevent invalid ordering when decreasing a delegate's stake.
Lines of code Vulnerability details Impact The contract could incorrectly deactivate or reward transcoders based on the invalid pool order. Proof of Concept When decreasing a delegate's stake with decreaseTotalStake, the contract calls transcoderPool.updateKey to update the delegate's position in...
[SECURITY] Fedora 38 Update: mlt-7.14.0-2.fc38
MLT is an open source multimedia framework, designed and developed for television broadcasting. It provides a toolkit for broadcasters, video editors, media players, transcoders, web streamers and many more types of applications. The functionality of the system is provided via an assortment of rea...
GHSA-QQFC-M9HC-PQV3 Deserialization of Untrusted Data in Infinispan
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...
infinispan: deserialization of data in XML and JSON transcoders
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...
infinispan: deserialization of data in XML and JSON transcoders
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...
CVE-2018-1131
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...