Lucene search

47 matches found

Code423n4
added 2023/04/13 12:0 a.m., 12 views

A hacker can front-run the owner of a PrivatePool to drain the pool

Lines of code Vulnerability details Impact A hacker can sandwich calls to setVirtualReserves or setMerkleRoot in a private pool and make an instant profit at the expense of the owner. For example, the hacker sees that there is a setVirtualReserves transaction in the mempool that will make the NF...

7.1 AI score
Exploits 0
Spring Security Advisories
added 2023/01/17 11:0 a.m., 21 views

The new Spring Boot version validation and upgrade support in Spring Tools

New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...

7.2 AI score
Exploits 0
OPENSUSE Linux
added 2021/08/12 12:0 a.m., 125 views

Security update for SUSE Manager Client Tools (moderate)

openSUSE Security Update: Security update for SUSE Manager Client Tools Announcement ID: openSUSE-SU-2021:2675-1 Rating: moderate References: 1175478 1186242 1186508 1186581 1186650 1188846 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS...

7.5 CVSS, 7 AI score, 0.1956 EPSS
Exploits 0, References 7
Node.js
added 2021/05/10 6:40 p.m., 52 views

Prototype Pollution

Overview mathjs before version 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. Recommendation Upgrade to version 7.5.1 or later References - CVE - GitHub Advisory...

7.5 CVSS, 4.6 AI score, 0.03877 EPSS
Exploits 1, Affected Software 1
OSV
added 2021/05/10 6:39 p.m., 2 views

GHSA-X2FC-MXCX-W4MF Prototype Pollution in mathjs

The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...

7.3 CVSS, 7.1 AI score, 0.03877 EPSS
Exploits 1, References 9
Github Security Blog
added 2021/05/10 6:39 p.m., 63 views

Prototype Pollution in mathjs

The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...

7.5 CVSS, 7 AI score, 0.03877 EPSS
Exploits 1, References 10, Affected Software 1
RedhatCVE
added 2020/10/13 8:20 p.m., 44 views

CVE-2020-7743

The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...

7.5 CVSS, 3.5 AI score, 0.03877 EPSS
Exploits 1, References 3
NVD
added 2020/10/13 10:15 a.m., 39 views

CVE-2020-7743

The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...

7.5 CVSS, 0.03877 EPSS
Exploits 1, References 6
OSV
added 2020/10/13 10:15 a.m., 16 views

CVE-2020-7743

The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...

7.3 CVSS, 6.7 AI score
Exploits 0, References 6
Cvelist
added 2020/10/13 9:15 a.m., 40 views

CVE-2020-7743 Prototype Pollution

The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...

7.3 CVSS, 7.1 AI score, 0.03877 EPSS
Exploits 1, References 6
CVE
added 2020/10/13 9:15 a.m., 97 views

CVE-2020-7743

The vulnerability described in CVE-2020-7743 affects the mathjs package prior to version 7.5.1, enabling Prototype Pollution via the deepExtend function during configuration updates. This is a general software vulnerability in mathjs, with no explicit exploit details provided in the connected doc...

7.5 CVSS, 7.1 AI score, 0.03877 EPSS
Exploits 1, References 6, Affected Software 1
Snyk
added 2020/10/07 3:29 p.m., 4 views

Prototype Pollution

Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...

7.5 CVSS, 8.1 AI score, 0.03877 EPSS
Exploits 1, References 2
Krebs on Security
added 2020/10/02 6:20 p.m., 20 views

Attacks Aimed at Disrupting the Trickbot Botnet

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying...

7.2 AI score
Exploits 0
Tenable Nessus
added 2019/07/29 12:0 a.m., 33 views

Cisco IOS XE Software Information Disclosure Vulnerability (cisco-sa-20190327-info)

According to its self-reported version, Cisco IOS XE Software is affected by an unspecified vulnerability in the Secure Storage feature of Cisco IOS XE that allows an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper...

4.4 CVSS, 5.2 AI score, 0.00232 EPSS
Exploits 0, References 3
Tenable Nessus
added 2019/07/29 12:0 a.m., 35 views

Cisco IOS Software Information Disclosure Vulnerability (cisco-sa-20190327-info)

According to its self-reported version, Cisco IOS Software is affected by an unspecified vulnerability in the Secure Storage feature of Cisco IOS that allows an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory...

4.4 CVSS, 5.2 AI score, 0.00232 EPSS
Exploits 0, References 3
NVD
added 2019/03/28 1:29 a.m., 21 views

CVE-2019-1762

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...

4.4 CVSS, 4.4 AI score, 0.00232 EPSS
Exploits 0, References 2
Prion
added 2019/03/28 1:29 a.m., 23 views

Design/Logic Flaw

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...

2.1 CVSS, 4.5 AI score, 0.00232 EPSS
Exploits 0, References 2, Affected Software 2
CVE
added 2019/03/28 12:30 a.m., 87 views

CVE-2019-1762

Cisco IOS and IOS XE Information Disclosure vulnerability (CVE-2019-1762) arises from improper memory operations in the Secure Storage feature during encryption of configuration updates. An authenticated, local attacker could retrieve contents of memory locations and disclose keying materials emb...

4.4 CVSS, 4.3 AI score, 0.00232 EPSS
Exploits 0, References 2, Affected Software 2
Cisco
added 2019/03/27 4:0 p.m., 68 views

Cisco IOS and IOS XE Software Information Disclosure Vulnerability

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...

4.4 CVSS, 1 AI score, 0.00232 EPSS
Exploits 0, References 1
OSV
added 2018/07/24 5:29 p.m., 5 views

CVE-2018-8855

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP...

9.8 CVSS, 5.8 AI score, 0.00827 EPSS
Exploits 0, References 1