1115 matches found
Wrong usage of positionId in ConcentratedLiquidityPoolManager
Handle broccoli Vulnerability details Impact In the subscribe function of ConcentratedLiquidityPoolManager, the incentive to subscribed is determined as follows: Incentive memory incentive = incentivespoolpositionId; However, positionId should be incentiveId, a counter that increases by one...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
HybridPool._updateReserves Wrong implementation
Handle WatchPug Vulnerability details HybridPool.updateReserves is supposed to update the reserves to the latest bento share amounts. Instead, it uses underlying token amounts. In the getReserves function, reserves are treated as bento share amounts and get converted to underlying token amounts...
IndexPool._pow wrong loop and does not normalize values
Handle cmichel Vulnerability details The IndexPool.compute function is indented as if the if n % 2 != 0 output = output a; is inside the loop but there are actually not braces around it. It must be in the loop for the exponentiation by repeated squaring algorithm to work: function powuint256 a,...
HybridPool's reserve is converted to "amount" twice
Handle cmichel Vulnerability details The HybridPool's reserves are stored as Bento "amounts" not Bento shares in updateReserves because balance converts the current share balance to amount balances. However, when retrieving the reserve0/1 storage fields in getReserves, they are converted to amoun...
Enbra EWM 安全漏洞
Enbra Ewm is a universal reading device from the Czech company Enbra. It uses a radio to read water meters, heating cost indicators and calorimeters. An access control error vulnerability exists in Enbra EWM version 1.7.29, which originates in Enbra EWM and several tested wireless M-Bus sensors,...
CVE-2021-3797
hestiacp is vulnerable to Use of Wrong Operator in String Comparison...
Design/Logic Flaw
hestiacp is vulnerable to Use of Wrong Operator in String Comparison...
CVE-2021-3797
The CVE-2021-3797 entry for hestiacp has concrete technical details in connected data: in huntr’s description of hestiacp/hestiacp, a CSRF token check uses the != operator to compare $_SESSION["token"] with $_GET["token"] in index.php. This type juggling can bypass the CSRF token, enabling CSRF a...
Controller.setCap sets wrong vault balance
Handle cmichel Vulnerability details The Controller.setCap function sets a cap for a strategy and withdraws any excess amounts diff. The vault balance is decreased by the entire strategy balance instead of by this diff: // @audit why not sub diff? vaultDetailsvault.balance =...
wrong YAXIS estimates
Handle cmichel Vulnerability details The Harvester.getEstimates contract tries to estimate a YAXIS amount but uses the wrong path and/or amount. It currently uses a WETH input amount to compute a YAXIS - WETH trade. address memory path; path0 = IStrategystrategy.want; path1 =...
keycloak: Brute force attack is possible even after the account lockout
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality...
CvxLocker.setBoost wrong validation
Handle cmichel Vulnerability details Vulnerability Details The CvxLocker.setBoost function does not validate the max, rate parameters, instead it validates the already set storage variables. // @audit this is checking the already-set storage variables, not the parameters requiremaximumBoostPaymen...
On : No Rate Limit in Login Page
The login page of the website did not have a rate limit implemented, allowing an attacker to perform brute force attacks by trying multiple login attempts without being restricted...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
GHSA-3CJ3-JRRP-9RXF Unchecked Return Value in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::castevent uses std::mem::transmute to return a reference to an arbitrary type...
UBUNTU-CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...
PT-2021-6756 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 and later Description: The issue is related to the improper handling of OAuth client IDs, which causes new subscriptions to generate OAuth tokens on an incorrect OAuth client application. This can allow a remote...
CVE-2021-29982
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox 91 and Thunderbird 91...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...