Lucene search
K

715 matches found

CVE
CVE
added 2023/09/18 12:0 a.m.49 views

CVE-2023-34195

Insyde InsydeH2O (kernel 5.0–5.5) contains a vulnerability in SystemFirmwareManagementRuntimeDxe where GetImage reads a runtime variable GetImageProgress and later uses its value as a function pointer. The GetImageProgress variable is wiped by the same module before function end. If an OS sets th...

7.8CVSS7.7AI score0.0022EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/09/18 12:0 a.m.6 views

Vyper Security Vulnerability

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.2.9 through 0.3.10, which stems from the fact that locks of type @nonreentrant or @nonreentrant are not reentrant-checked at runtime...

5.3CVSS6.8AI score0.00423EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.9 views

Transfering Bonds would create confusion among delegators because of non-deletion of unbondingLocks & assigning all the new delegators the same unbounding id

Lines of code Vulnerability details transferBond function is used to transfers ownership of a bond to a new delegator using optional hints if needed. Here the old unbound lock is deleted after creating a new one in unbondWithHint function. But the problem lies in the delete operation as it does n...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.6 views

Users can abuse VotingEscrow.delegate() to avoid voting power decay. Additionally, users can delegate expired locks to regain full voting power.

Lines of code Vulnerability details Impact Voting power will not decay over the course of the lock. Proof of Concept The VotingEscrow.delegate function allows users to delegate to locks with a longer expiry time. See the below code snippet and inline comments: requiretoLocked.end = fromLocked.end...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/08/09 2:27 p.m.20 views

Vyper has incorrectly allocated named re-entrancy locks

Impact In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of...

9.1CVSS6.7AI score0.00706EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2023/08/09 2:27 p.m.1 views

GHSA-5824-CM3X-3C38 Vyper has incorrectly allocated named re-entrancy locks

Impact In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of...

9.1CVSS6.2AI score0.00706EPSS
Exploits1References8
OSV
OSV
added 2023/08/07 7:15 p.m.20 views

PYSEC-2023-142

Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...

5.9CVSS6.2AI score0.00706EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/08/07 6:40 p.m.22 views

CVE-2023-39363 Vyper incorrectly allocated named re-entrancy locks

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...

9.1CVSS5.8AI score0.00706EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.4 views

PT-2023-26896 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.15 through 0.3.0 Description: The issue arises from the incorrect allocation of named re-entrancy locks in Vyper versions 0.2.15, 0.2.16, and 0.3.0. Each function using a named re-entrancy lock gets a unique lock regardless...

9.1CVSS7.1AI score0.00706EPSS
Exploits1References14
OSV
OSV
added 2023/07/25 12:19 p.m.7 views

CLSA-2023-1690287378 kernel: Fix of 28 CVEs

ALSA: pcm: Fix races among concurrent prealloc proc writes CVE-2022-1048 - ALSA: pcm: Fix races among concurrent prepare and hwparams/hwfree calls CVE-2022-1048 - ALSA: pcm: Fix races among concurrent read/write and buffer changes CVE-2022-1048 - ALSA: pcm: Fix races among concurrent hwparams and...

8.1CVSS6AI score0.12966EPSS
Exploits18References1
Amazon
Amazon
added 2023/06/07 12:0 a.m.37 views

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

9.8CVSS6.9AI score0.02195EPSS
Exploits6
NVD
NVD
added 2023/06/02 11:15 a.m.21 views

CVE-2022-46307

SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...

8.8CVSS8.7AI score0.00734EPSS
Exploits0References1
Prion
Prion
added 2023/06/02 11:15 a.m.20 views

Authorization

SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...

6.5CVSS8.6AI score0.00734EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.30 views

CVE-2022-46307 SGUDA U-Lock - Broken Access Control

SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...

8.8CVSS8.8AI score0.00734EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.6 views

PT-2023-14904 · Sguda · Sguda U-Lock

Name of the Vulnerable Software and Affected Versions: SGUDA U-Lock central lock control service affected versions not specified Description: The issue is related to incorrect authorization in the lock management function of the SGUDA U-Lock central lock control service. A remote attacker with...

8.8CVSS8.4AI score0.00734EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/02 12:0 a.m.3 views

SGUDA U-Lock 安全漏洞

SGUDA U-Lock is a smart electronic lock from SGUDA China. A security vulnerability exists in SGUDA U-Lock, which stems from an authorization error in the lock management function of the central locking service. A remote attacker could use this vulnerability to invoke a privileged API to obtain...

8.8CVSS8AI score0.00734EPSS
Exploits0References2
CVE
CVE
added 2023/06/02 12:0 a.m.43 views

CVE-2022-46307

CVE-2022-46307 affects SGUDA U-Lock central lock control service. The lock management function has incorrect authorization, enabling a remote attacker with general privileges to call privileged APIs to obtain information, manipulate, or disrupt electronic locks. Connected sources corroborate the ...

8.8CVSS8.7AI score0.00734EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.7 views

CVE-2022-46307 SGUDA U-Lock - Broken Access Control

SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...

8.8CVSS7.1AI score0.00734EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/05/11 8:47 a.m.2 views

CVE-2022-46307

SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...

8.8CVSS7.5AI score0.00734EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/05/11 12:0 a.m.11 views

Race condition vulnerability in positionManager minting function

Lines of code Vulnerability details Impact race condition vulnerability can result in the issuance of duplicate token IDs. When multiple transactions are executed in quick succession attempting to mint tokens, they may end up being assigned the same ID due to a shared counter or variable used to...

6.8AI score
Exploits0
Rows per page
Query Builder