Lucene search
K

190 matches found

Code423n4
Code423n4
added 2023/01/17 12:0 a.m.6 views

If requestMint() is called before mintFee is initially set via setMintFee(), the return of _getMintFees(collateralAmountIn) can be "underflow" , which results in the loss for the protocol and the unexpected-benefit for certain users

Lines of code Vulnerability details Impact This vulnerability lead to the loss for this protocol and the unexpected-benefit for certain users like this: The protocol cannot earn the fee in collateral feesInCollateral that is supposed to be earned unless the MANAGERADMIN set the certain amount of...

6.7AI score
Exploits0
NVD
NVD
added 2022/12/13 3:15 a.m.25 views

CVE-2022-41264

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

8.8CVSS0.00855EPSS
Exploits0References2
OSV
OSV
added 2022/12/13 3:15 a.m.6 views

CVE-2022-41264

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

8.8CVSS5.9AI score0.00855EPSS
Exploits0References2
Prion
Prion
added 2022/12/13 3:15 a.m.21 views

Design/Logic Flaw

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

6.5CVSS8.6AI score0.00855EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/12/13 2:27 a.m.56 views

CVE-2022-41264

The CVE-2022-41264 issue affects SAP BASIS components (versions 731, 740, 750–757, 789–791) where the unrestricted scope of the RFC function module allows an authenticated non-administrator to access a system class and execute any of its public methods with attacker-supplied parameters. This can ...

8.8CVSS8.6AI score0.00855EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/13 2:27 a.m.28 views

CVE-2022-41264

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

8.8CVSS8.9AI score0.00855EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/12/13 2:27 a.m.10 views

CVE-2022-41264

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

8.8CVSS8.9AI score0.00855EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.4 views

SAP Basis 代码注入漏洞

SAP Basis is a content management system. SAP Basis suffers from a code injection vulnerability that stems from the unrestricted scope of its RFC function modules allowing an authenticated, non-administrator attacker to access a system class and execute any of its public methods using...

8.8CVSS7.2AI score0.00855EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.7 views

PT-2022-25776 · Sap · Sap Basis

Name of the Vulnerable Software and Affected Versions: SAP BASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 Description: The issue allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provid...

8.8CVSS8.7AI score0.00855EPSS
Exploits0References5
Code423n4
Code423n4
added 2022/04/05 12:0 a.m.9 views

NFTLoanFacilitator: Insufficient granularity allows for same-term loans to be accepted

Lines of code Vulnerability details Details & Impact It is possible for the calculated interest rate improvement to be zero if the existing interest rate is low enough ≤ 0.9% with 10% improvement rate. In such cases, lenders can compete to continually buyout each other with the same terms. The...

6.8AI score
Exploits0
Tibco
Tibco
added 2022/01/31 8:31 p.m.26 views

TIBCO Security Advisory: February 15, 2022 - TIBCO BusinessConnect Container Edition -2021-43049

TIBCO BusinessConnect Container Edition username and password leakage Original release date: February 15, 2022 Last revised: --- CVE-2021-43049 Source: TIBCO Software Inc. Products Affected TIBCO BusinessConnect Container Edition versions 1.1.0 and below The following component is affected:...

10CVSS7.3AI score0.01305EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.44 views

NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0120)

The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a...

8.8CVSS8.4AI score0.01876EPSS
Exploits0References43
NVD
NVD
added 2021/09/09 6:15 p.m.26 views

CVE-2020-19265

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

6.1CVSS0.00641EPSS
Exploits1References1
OSV
OSV
added 2021/09/09 6:15 p.m.4 views

CVE-2020-19265

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

6.1CVSS6.5AI score0.00641EPSS
Exploits1References1
CVE
CVE
added 2021/09/09 5:44 p.m.49 views

CVE-2020-19265

The provided documents confirm a stored cross-site scripting (XSS) vulnerability in Dswjcms 1.6.4, specifically in the index.php/Dswjcms/Basis/links component. The root cause is lack of proper validation/escaping of input parameters in that component, enabling attackers to store and execute arbit...

6.1CVSS5.9AI score0.00641EPSS
Exploits1References1Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2021/09/02 3:44 p.m.179 views

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

This attack is ongoing. See the Updates section at the end of this post for new information as it comes to light. On August 25, 2021, Atlassian published details on CVE-2021-26084, a critical remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability...

7.5CVSS0.3AI score0.99999EPSS
Exploits45
CNVD
CNVD
added 2021/06/28 12:0 a.m.11 views

Weak Password Vulnerability in MX-M316N of Sharp Trading (China) Co.

Sharp Trading China Co., Ltd. is a foreign enterprise that distributes and wholesales household appliances, LCD TVs, air conditioners, cell phones, printers and other products. A weak password vulnerability exists in Sharp Trading China Co. MX-M316N, which can be exploited by attackers to obtain...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/17 11:0 a.m.37 views

Is 85% of US Critical Infrastructure in Private Hands?

Most US critical infrastructure is run by private corporations. This has major security implications, because its putting a random power company in -- say -- Ohio -- up against the Russian cybercommand, which isnt a fair fight. When this problem is discussed, people regularly quote the statistic...

0.8AI score
Exploits0
NVD
NVD
added 2021/01/07 2:15 p.m.21 views

CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...

8.8CVSS8.3AI score0.01455EPSS
Exploits0References4
OSV
OSV
added 2021/01/07 2:15 p.m.1 views

DEBIAN-CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...

8.8CVSS8AI score0.01455EPSS
Exploits0References1
Rows per page
Query Builder