NFTXSimpleFeeDistributor#distribute() Wrong implementation of NFTXSimpleFeeDistributor#_sendForReceiver can potentially cause receivers to get wrong amounts of tokens

Handle WatchPug Vulnerability details function sendForReceiverFeeReceiver memory receiver, uint256 vaultId, address vault, uint256 amountToSend internal virtual returns bool if receiver.isContract IERC20Upgradeablevault.approvereceiver.receiver, amountToSend; // If the receive is not properly...

WJLP loses unclaimed rewards when updating user's rewards

Handle kenzo Vulnerability details After updating user's rewards in userUpdate, if the user has not claimed them, and userUpdate is called again eg. on another wrap, the user's unclaimed rewards will lose the previous unclaimed due to wrong calculation. Impact Loss of yield for user. Proof of...

GHSA-2WR2-8QJQ-GH55 Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search

Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes...

ChainLink price data could be stale

Handle cmichel Vulnerability details There is no check in ChainlinkOracle.sync if the oracle return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data." under...

ChiefTrader.sol Wrong implementation of swapExactInput() and swapExactOutput()

Handle WatchPug Vulnerability details When a caller calls ChiefTrader.solswapExactInput, it will call ITradertraderAddress.swapExactInput. return ITradertraderAddress.swapExactInput0, amount, recipient, path, options; However, in the current implementation, inputToken is not approved to the...

DEBIAN-CVE-2021-3672

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...

TWAPOracle might register with wrong token order

Handle cmichel Vulnerability details The TWAPOracle.registerPair function takes in a factory and token0, token1. The function accepts a factory argument which means any Uniswap-like factory can be used. When using the actual Uniswap factory's IUniswapV2Factoryfactory.getPairtoken0, token1 call, i...

VaderRouter.calculateOutGivenIn calculates wrong swap

Handle cmichel Vulnerability details The 3-path hop in VaderRouter.calculateOutGivenIn is supposed to first swap foreign assets to native assets in pool0, and then the received native assets to different foreign assets again in pool1. The first argument of VaderMath.calculateSwapamountIn,...

CVE-2021-40871

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service DoS by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted...

CVE-2021-40871

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service DoS by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted...

setAdmin function use one-phase owner transfership instead of two-phases safer ownership transfer

Handle mics Vulnerability details one-phase ownership transfer sometimes used wrong and the ownership is transferred to a not existing account. The safe way to use it is to suggest new owner and then the new owner should claim its ownership. InvestorDistribution line 212 --- The text was updated...

Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

Default credentials

An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier...

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

UniswapV2/SushiwapLPAdapter update the wrong token

Handle cmichel Vulnerability details The UniswapV2LPAdapter/SushiswapV2LPAdapter.update function retrieves the underlying from the LP token pair asset but then calls router.updateasset, proof which is the LP token itself again. This will end up with the router calling this function again...

Information disclosure

In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

uncommit sends tokens to the wrong user

Handle cmichel Vulnerability details The PoolCommitter.uncommit function calls the ILeveragedPoolleveragedPool.quoteTokenTransfer/mintTokens function with msg.sender. But in uncommit's case that's the pool, not the commit owner, see onlyPool modifier on executeAllCommitments which calls uncommit...

commit burn yields wrong amountOut computation

Handle cmichel Vulnerability details The PoolCommitter.commit function first adds the amount to the shadow pool shadowPoolscommitType = shadowPoolscommitType + amount and then computes the amountOut with this updated value already: PoolSwapLibrary.getWithdrawAmountOnBurn IERC20tokens1.totalSupply...

CVE-2021-40191

Dzzoffice Version 2.02.1 is affected by cross-site scripting XSS due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php...

## ConcentratedLiquidityPoolManager.sol Wrong implementation of claimReward() and getReward()

Handle WatchPug Vulnerability details ConcentratedLiquidityPoolManager.sol Wrong implementation of claimReward and getReward Given incentive.secondsClaimed can usually be larger than 128, both claimReward and getReward will revert at: uint256 secondsUnclaimed = maxTime - incentive.startTime --- T...