EVENT EMITTED WITHOUT ACTION
Lines of code. Vulnerability details. Impact: A malicious validator can remain in the system after exceeding its exit penalty threshold. This poses a risk to users and a possible reputation risk to the protocol. Proof of Concept: In the updateTotalPenaltyAmount... function, when the validators...
A Malicious validator can frontrun 32ETH deposit
Lines of code. Vulnerability details. Impact: Frontrunning by a malicious validator to change the withdrawal credentials and gain the withdrawn ETH value. Proof of Concept: A malicious validator can frontrun a stake transaction with the same pubkey and deposit 1 ether for different withdrawal...
BEACON CHAIN VALIDATOR COULD SELF RESCUE WHEN OPERATOR IS FROZEN
Lines of code. Vulnerability details. Impact: The modifier onlyNotFrozen is intended to freeze the staker when the delegated operator is frozen. However, not applying it in recordOvercommittedBeaconChainETH and undelegate could allow the Beacon Chain validator to undelegate from the...
CVE-2023-30613 Kiwi TCMS unrestricted file upload vulnerability
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...
MAL-2023-748 Malicious code in rocketship-validator (npm)
Source: ghsa-malware ce0aafeff45db86efda9196a3fd7a50259dcc329c7c1a74dc4e624fde4730830 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: Validator as used by IBM QRadar Assistant app for IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-3765)
Summary: Validator as used by IBM QRadar Assistant app for IBM QRadar SIEM is vulnerable to denial of service. IBM QRadar Assistant app for IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-3765 DESCRIPTION: validator.js is vulnerable to a denial of service,...
CVE-2023-26112
A flaw was found in python-configobj via the Validator function at python-configobj/validate.py. This issue only occurs in the case of a developer putting the offending value in a server side configuration file, which could lead to a Regular Expression Denial of Service (ReDoS)...
CVE-2022-47925
The validate JSON endpoint of the Secvisogram csaf-validator-service in versions 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected b...
CVE-2022-47924 Arbitrary Code Execution using the validate function of csaf-validator-lib
A high-privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions 0.1.0, which can result in arbitrary code execution and DoS once the user triggers the validation...
CVE-2022-47925
CVE-2022-47925 affects the Secvisogram csaf-validator-service prior to version 0.1.0. The vulnerability is in the validate JSON endpoint, where insufficient input validation allows an unauthenticated remote user to cause a partial DoS of the service by sending tests with unexpected names. Per ...
Secvisogram csaf-validator-service input validation error vulnerability
Secvisogram is a web tool from Secvisogram open source. It is used to create and edit security advisories in CSAF 2.0 format. An input validation error vulnerability exists in Secvisogram csaf-validator-service versions prior to 0.1.0, which stems from insufficient input validation. An attacker...
PT-2023-15530 · Secvisogram · Csaf-Validator-Service
Name of the Vulnerable Software and Affected Versions: Secvisogram csaf-validator-service versions prior to 0.1.0. Description: The issue is related to insufficient input validation of requests by an unauthenticated remote user, which might lead to a partial Denial of Service (DoS) of the service...
Malicious Package
Overview skip-validator is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
K30110324: Multiple Node.js vulnerabilities
Security Advisory Description: CVE-2013-7451 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. CVE-2013-7452 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a...
K84900646: Linux kernel vulnerability CVE-2020-14385
Security Advisory Description: A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise...
K04403302: Apache Struts 1 vulnerability CVE-2016-1182
Security Advisory Description: ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...