114 matches found
MIT Kerberos Security Vulnerability
MIT Kerberos is a Massachusetts Institute of Technology MIT software for authentication in network clusters.Kerberos also serves as a network authentication protocol designed with the goal of providing strong authentication services to client/server applications through a key system. A security...
Collabora Online č·Øē«čę¬ę¼ę“
Collabora Online is a software application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A cross-site scripting vulnerability exists in Collabora Online version 23.05.10.1 and earlier, which stems from a...
Design/Logic Flaw
Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues o...
Minted Shares would be Inflate Shares by 10000 due to Math Error in the wrap function
Lines of code Vulnerability details Impact BPSDENOMINATOR in the rUSDY.sol contract is an important variable used to scale up usdy amount - shares as noted in it comment description but it is only used to scale up when minting shares but not scaled down before subtracting it from total shares and...
Potential Loss of Rewards During Token Transfers in StaticATokenLM.sol
Lines of code Vulnerability details Impact This issue could lead to a permanent loss of rewards for the transferer of the token. During the token transfer process, the beforeTokenTransfer function updates rewards for both the sender and the receiver. However, due to the specific call order and th...
the unfollow contract does random unfollow process of random follow token.
Lines of code Vulnerability details Impact in the FollowNft.sol we have to unfollow function this function is supposed to do unfollow process but as you see the followTokenId variable just returns one random follow id with profile id through mapping and there is no option to select which follow n...
Users cannot unfollow if they do not own the FollowNFT of the followTokenId used for their profile
Lines of code Vulnerability details Bug Description If the followTokenId of a profile is wrapped, users will only be able to unfollow if they are either: 1. The owner of the follow NFT. 2. An approved operator of the follow NFT's owner. This can be seen in the unfollow function of FollowNFT.sol:...
SUSE CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers PAWS with the timestamps option enabled allow remote attackers to cause a denial of service connection loss via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...
SUSE CVE-2009-3374
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to...
SUSE CVE-2010-0171
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting XSS attacks, by using the addEventListener and setTimeo...
Potential DoS when closing a credit nominated in ETH in the LineOfCredit contract
Lines of code Vulnerability details When closing a credit that was issued in ETH, the LineOfCredit contract will send the lender his deposit and any accrued interests using the address.transferamount function, which may fail and revert the whole function, leading to an eventual DoS. Impact The...
Unable to redeem from Notional
Lines of code Redeemer.solL193 Vulnerability details Impact The maxRedeem function is a view function which only returns the balance of the Redeemer.sol contract. After this value is obtained, the PT is not redeemed from Notional. The user will be unable to redeem PT from Notional through...
MAL-2022-7238 Malicious code in wrapped-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cd7457ecef3800cd42d34d311e5e40171ce048eb5fa248810b9951dc9a2eafd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Withdraw function does not conform to EIP4626
Lines of code Vulnerability details Impact The withdraw of wfCashERC4626 is not 4626 compatible. wfCashERC4626.solL186-L191 According to EIP4626 Burns shares from owner and sends exactly assets of underlying tokens to receiver. The withdraw function of ERC4626 should send the exact same amount of...
Overexert on-chain slippage/loss control may cause users' funds to be frozen in the contract
Lines of code Vulnerability details requirewithdrawAmount = amount.percentMul9900, Errors.VTWITHDRAWAMOUNTMISMATCH; The GeneralVault.sol contract comes with a on-chain slippage/loss control to ensure the output amount is no more than 1% less of the requested amount. This can be a problem when the...
CVE-2021-32497
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks...
Slingshot: Incorrect initial balance fetched for native token in executeTrades()
Handle hickuphh3 Vulnerability details Impact The executioner contract only supports ERC20ERC20 token trades. Native token swaps are supported by either wrapping / unwrapping the ERC20 wrapped native token before / after the trades respectively. When exchanging from the native token, the wrapping...
WrappedIbbtcEth.sol Sanity check of pricePerShare should be enforced
Handle WatchPug Vulnerability details /// @dev Update live ibBTC price per share from core /// @dev We cache this to reduce gas costs of mint / burn / transfer operations. /// @dev Update function is permissionless, and must be updated at least once every X time as a sanity check to ensure value ...
CVE-2021-21238
A verification flaw was found in python-pysaml2, where it did not validate signed SAML documents against an XML schema. Because the flaw allowed invalid XML documents to be processed, a network attacker could exploit this flaw by tricking pysaml2 with a wrapped signature. Mitigation Mitigation fo...
DEBIAN-CVE-2021-21238
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...