21 matches found
CVE-2024-28886
OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed...
Multiple vulnerabilities in UTAU
Overview UTAU provided by ameya/ayame contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-28886 Path Traversal CWE-22 - CVE-2024-32944 Yu Ishibashi reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CVE-2024-28886
OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed...
Incorrect calculation of totalSupply(), balanceOf() in rUSDY.sol if the rate is unlinked from $1
Lines of code Vulnerability details Impact In rUSDY.sol, the functions totalSupply, balanceOf are calculated. totalSupply : function totalSupply public view returns uint256 return totalShares oracle.getPrice / 1e18 BPSDENOMINATOR; balanceOf : function balanceOfaddress account public view returns...
AyaCMS code injection vulnerability
AyaCMS is an extremely simple and free open source PHP website builder. A security vulnerability exists in AyaCMS v3.1.2, which originated from a code flaw found in the ustsql.inc.php file, which can be exploited by an attacker to cause command execution by inserting malicious code...
Pausing can cause serious bad debt since debt can't be liquidated.
Lines of code Vulnerability details Impact Pausing can cause serious bad debt since debt can't be liquidated. For example, if 1 UST is used as collateral to borrow 0.7 USDT 30% safety. Then UST crashed and chainlink stopped working. You are left with no choice but to pause the contract. After that UST...
you should always approve zero amount because some contracts need it to interact with it (ust)
Lines of code Vulnerability details :make sure approval is zero first because there are contract that need to approve 0 because otherwise a lot of contract will fail if approve is not zero first not a user then you can have a problem with ust contract which needs to approved 0 :mitigation:approve ...
new packages: lttng-ust
An update is available for lttng-ust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterpri...
Medium: Consider alternative price feed + ensure _minLockPeriod > 0 to prevent flash loan attacks
Handle hickuphh3 Vulnerability details Impact It is critical to ensure that minLockPeriod > 0 because it is immutable and cannot be changed once set. A zero minLockPeriod will allow for flash loan attacks to occur. Vaults utilising the nonUST strategy are especially susceptible to this attack vecto...
Moderate: Red Hat Security Advisory: libsrtp security and bug fix update
An update for libsrtp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
ust-luga.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1073487 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
lttng-ust bug fix and enhancement update
This update fixes two issues in lttng-ust and subpackages. There was a bad shebang in the /usr/bin/lttng-gen-tp utility that prevented users from executing it. This issue has been fixed. lttng-ust was only available for x86_64 architectures. lttng-ust is now available for all architectures support...
ALBA-2019:3411 lttng-ust bug fix and enhancement update
This update fixes two issues in lttng-ust and subpackages. There was a bad shebang in the /usr/bin/lttng-gen-tp utility that prevented users from executing it. This issue has been fixed. lttng-ust was only available for x86_64 architectures. lttng-ust is now available for all architectures support...
lttng-ust bug fix and enhancement update
An update is available for lttng-ust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This update fixes two issues in lttng-ust and subpackages. There was a bad...
ust-luga.ru Cross Site Scripting vulnerability
Security Researcher metamorfosec (helped patch 1944 vulnerabilities, received 9 Coordinated Disclosure badges, received 31 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting ust-luga.ru website and its users. Following...
ust-network.de XSS vulnerability
Vulnerable URL: http://ust-network.de/player/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...
ust-diechance.de XSS vulnerability
Vulnerable URL: http://ust-diechance.de/player/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...
Fedora Update for libsrtp FEDORA-2013-24114
Check for the Version of libsrtp OpenVAS Vulnerability Test Fedora Update for libsrtp FEDORA-2013-24114 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 19 Update: libsrtp-1.4.4-9.20101004cvs.fc19
This package provides an implementation of the Secure Real-time Transport Protocol SRTP, the Universal Security Transform UST, and a supporting cryptographic kernel...
CVE-2010-3386
usttrace in LTTng Userspace Tracer aka UST 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...