1115 matches found

Hacker One
added 2021/05/16 4:11 p.m. · 17 views

Sifchain: Wrong Implementation of Url in https://docs.sifchain.finance/

Hello Sifchain team, Here I found that there is a wrong implementation of the Telegram link in https://docs.sifchain.finance/join-sifchain/sifchain-communities which will not allow users to communicate with the Sifchain company. Steps to reproduce: 1 Go to...

6.7 AI score
Exploits: 0

Hacker One
added 2021/05/13 10:32 a.m. · 19 views

Sifchain: Wrong Url in Main page of sifchain.finance

Hello Sifchain team, I found that all the social media buttons are working properly except the Telegram button on the main page of sifchain.finance. Misconfiguration of a button can create a bad reputation for a company, and a genuine customer could not reach the company through the mis-configured...

6.8 AI score
Exploits: 0

Code423n4
added 2021/04/28 12:0 a.m. · 7 views

Transfer fee is burned on wrong accounts

Handle: @cmichelio. Vulnerability details: The Vader.transfer function burns the transfer fee on msg.sender but this address might not be involved in the transfer at all due to transferFrom. Impact: Smart contracts that simply relay transfers like aggregators have their Vader...

6.9 AI score
Exploits: 0

RedhatCVE
added 2021/04/27 7:17 p.m. · 22 views

CVE-2021-3513

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality...

7.5 CVSS · 1.6 AI score · 0.00201 EPSS
Exploits: 0 · References: 3

Hacker One
added 2021/04/22 10:39 p.m. · 36 views

curl: CVE-2021-22897: schannel cipher selection surprise

Summary: Commit "schannel: support selecting ciphers" added support for selecting the ciphers with SCHANNEL. However, due to use of a static algIds array for ciphers in set_ssl_ciphers the last configured cipher list will override configuration used by other connections, leading to potential wrong...

4.3 CVSS · 5.8 AI score · 0.00791 EPSS
Exploits: 1

RedHat Linux
added 2021/04/21 1:15 p.m. · 5 views

rubygem-actionview: CSRF vulnerability in rails-ujs

A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity...

6.5 CVSS · 6.6 AI score · 0.00427 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/04/06 5:15 p.m. · 2 views

kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c

A flaw was found in the Linux kernel. Wrong locking in the AF_VSOCK socket can cause a local privilege escalation, bypassing SMEP and SMAP. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7 CVSS · 7 AI score · 0.00935 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/04/06 3:32 p.m. · 3 views

kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c

A flaw was found in the Linux kernel. Wrong locking in the AF_VSOCK socket can cause a local privilege escalation, bypassing SMEP and SMAP. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7 CVSS · 7 AI score · 0.00935 EPSS
Exploits: 1 · References: 5

OSV
added 2021/04/02 6:15 p.m. · 0 views

CVE-2020-29613

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain...

5.5 CVSS · 6.1 AI score
Exploits: 0 · References: 1

NVD
added 2021/04/02 6:15 p.m. · 16 views

CVE-2020-29613

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain...

5.5 CVSS · 0.00194 EPSS
Exploits: 0 · References: 1

Prion
added 2021/04/02 6:15 p.m. · 19 views

Code injection

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain...

4.3 CVSS · 5 AI score · 0.00194 EPSS
Exploits: 0 · References: 1 · Affected Software: 2

RedHat Linux
added 2021/03/30 4:31 p.m. · 1 views

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3 CVSS · 7.2 AI score · 0.00505 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/03/11 5:49 p.m. · 2 views

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3 CVSS · 7.2 AI score · 0.00505 EPSS
Exploits: 1 · References: 5

CNNVD
added 2021/03/01 12:0 a.m. · 2 views

Crowd security vulnerability

Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization and other features for multi-user, web applications and directory servers. A security vulnerability exists in Crowd before version 4.0.4, and from version 4.1.0 before...

5.3 CVSS · 6 AI score · 0.0023 EPSS
Exploits: 0 · References: 2

Prion
added 2021/02/27 5:15 a.m. · 12 views

Code injection

An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header which can be manipulated client-side is used for the internal application logs, an attacker can inject wrong IP addresses into these logs...

6.4 CVSS · 6.5 AI score · 0.00285 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Node.js
added 2021/02/22 9:59 p.m. · 55 views

IPC messages delivered to the wrong frame

Overview: IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app does ANY of the following, then it is impacted by this issue: - Uses...

6.4 CVSS · 2.9 AI score · 0.00965 EPSS
Exploits: 0 · Affected Software: 1

RedHat Linux
added 2021/02/17 1:40 p.m. · 1 views

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3 CVSS · 7.2 AI score · 0.00505 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2021/02/10 12:0 a.m. · 3 views

PT-2021-7984 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 8.1 through 11. Description: The issue is related to improperly used crypto in the verifyHostName function of OkHostnameVerifier.java, which could lead to accepting a certificate for the wrong domain. This might result in remo...

7.8 CVSS · 7.2 AI score · 0.01387 EPSS
Exploits: 0 · References: 6

NVD
added 2021/02/09 11:15 p.m. · 9 views

CVE-2021-26958

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type...

8.8 CVSS · 0.00568 EPSS
Exploits: 1 · References: 1

OSV
added 2021/02/05 2:15 p.m. · 2 views

DEBIAN-CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support...

7 CVSS · 6.5 AI score · 0.00935 EPSS
Exploits: 1 · References: 1