Lucene search
K

198 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.4 views

SUSE CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

5CVSS7AI score0.02695EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.4 views

SUSE CVE-2007-6061

Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service recording deadlock by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete...

5CVSS6.6AI score0.03413EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.4 views

SUSE CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

5CVSS6.5AI score0.01249EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.6 views

SUSE CVE-2011-4691

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

5CVSS6.3AI score0.01129EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.3 views

SUSE CVE-2018-6556

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...

5.1CVSS6.9AI score0.00347EPSS
Exploits0References10
OSV
OSV
added 2023/02/10 11:4 a.m.1 views

OESA-2023-1075 lxc security update

Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be created using the Control Group and Namespace features included in the Linux kernel. Security Fixes: lxc-user-nic in lxc through 5.0.1 is...

3.3CVSS6.4AI score0.00702EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.6 views

Micro Focus NetIQ Identity Manager 安全漏洞

Micro Focus NetIQ Identity Manager is a suite of identity management solutions from Micro Focus UK. The solution provides the foundation for account provisioning, user self-service, authorization and Web services, and supports data sharing and synchronization. A security vulnerability exists in...

5.3CVSS5.7AI score0.00466EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.39 views

Solmate safetransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss

Lines of code Vulnerability details Impact Possible miscalculation and loss of funds. Proof of Concept In AstariaRouter.commitToLiens, the safetransfer and safetransferfrom doesn’t check the existence of code at the token address. This is a known issue while using solmate’s libraries.Hence this m...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.11 views

Proper use of dependecy

Lines of code Vulnerability details Impact Using safeTransferFrom of solmate. There is no checking the token address is exist Proof of Concept After consulting the dev, the only check for making sure the token exist is a list on the UI/fontend side. A highly motivated attacker can easily disable...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.14 views

SOLMATE SAFETRANSFER AND SAFETRANSFERFROM DOES NOT CHECK THE CODESIZE OF THE TOKEN ADDRESS, WHICH MAY LEAD TO FUND LOSS

Lines of code Vulnerability details Impact Reference from a previous Contrest : In uniswapV3SwapCallback and sendPaprFromAuctionFees the safetransfer and safetransferfrom doesn’t check the existence of code at the token address. This is a known issue while using solmate’s libraries. Hence this ma...

7AI score
Exploits0
OSV
OSV
added 2022/12/06 4:15 p.m.4 views

CVE-2022-46382

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the...

8.8CVSS5.8AI score0.00625EPSS
Exploits0References1
CVE
CVE
added 2022/12/06 12:0 a.m.58 views

CVE-2022-46382

Summary: CVE-2022-46382 affects RackN Digital Rebar up to version 4.10.8, where authentication tokens issued after login could still authorize actions even if the user account no longer exists. The root cause is insecure token validation during the lifecycle of a user account, enabling deleted us...

8.8CVSS8.8AI score0.00625EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/11/29 6:30 p.m.44 views

GHSA-96VH-4RFP-C42C HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it...

7.8CVSS5.9AI score0.00699EPSS
Exploits1References5
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.5 views

Not checking if tokenId exist on distributeFees

Lines of code Vulnerability details Impact Not checking if tokenId exist on distributeFees can set the msg.value to uncreated tokenId Proof of Concept For example an Owner mistakenly call distributeFee with a tokenId which doesn't exist, then the function will success, but unfortunately any user...

6.9AI score
Exploits0
OSV
OSV
added 2022/11/11 11:4 a.m.3 views

OESA-2022-2056 three-eight-nine-ds-base security update

389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an...

5.3CVSS7.1AI score0.01538EPSS
Exploits0References2
Code423n4
Code423n4
added 2022/10/12 12:0 a.m.12 views

Lack of a contract existence check may lead to undefined behavior

Lines of code Vulnerability details Impact Low-level calls call/delegatecall/staticcall return true even if the account called is non-existent per EVM design. Solidity documentation warns: “The low-level functions call, delegatecall and staticcall return true as their first return value if the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/01 12:0 a.m.8 views

Lack of check for contract existance can cause loss of funds during transfers

Lines of code Vulnerability details Impact The current transfers will not check if the to address is for an existing token contract. This can cause loss of funds if an user attempts to make a swap for a tokens added to a pool and destructed later. Proof of Concept TokenA gets added to a pool The...

7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/09/15 4:15 p.m.3 views

CVE-2022-40637

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

7.8CVSS7.5AI score0.00486EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.5 views

CVE-2022-20300

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References2
OSV
OSV
added 2022/08/12 3:15 p.m.6 views

CVE-2022-20300

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References1
Rows per page
Query Builder