324 matches found
STIG V-218773 - Recycling IIS App Pools on Storefront Servers
Address STIG V-218773 compatibility with Citrix Storefront vis a vis of the virtual memory an application pool uses...
CLSA-2022-1654175590 Fixed CVE-2022-24070 in subversion-4.module_el8.5.0+2053+ac338b6d.tuxcare.els1
CVE-2022-24070: fix use-after-free of object-pools when used as httpd module...
CLSA-2022-1654175372 Fixed CVE-2022-24070 in subversion-4.module_el8.4.0+2052+ac338b6d.tuxcare.els1
CVE-2022-24070: fix use-after-free of object-pools when used as httpd module...
PermissionlessBasicPoolFactory.sol Does Not Support Reward Tokens With Decimals Other Than 18
Lines of code Vulnerability details Impact The PermissionlessBasicPoolFactory.sol contract allows anyone to add staking pools which users can participate in to earn reward tokens. Pools are segregated to ensure malicious pools cannot siphon tokens from honest pools. Upon the addition of a new poo...
steal user funds with front-running when he calls depositTokens() of MerkleVesting and MerkleResistor with wrong treeIndex (uninitiated)
Lines of code Vulnerability details Impact The nature of this bug is similar in MerkleVesting and MerkleResistor and MerkleDropFactory, so I only write MerkleDropFactory version: If a user calls depositTokens with wrong treeIndex value by mistake, an attacker can perform a front-running attack and...
Bogus deposits in Pools possible
Lines of code Vulnerability details Impact Bogus deposits in the Pools is possible by calling the function deposit with a malicious ERC20 token that always returns true whenever transferFrom is called. Tools Used Manual Inspection Recommended Mitigation Steps Create a whitelist of allowed ERC20...
Pools and trees may be underfunded for fee-on-transfer tokens
Lines of code Vulnerability details Pools, vesting trees, and airdrop trees may all be created with fee-on-transfer tokens. When each of these entities is funded by a transfer in, their internal accounting assumes they receive the full amount transferred. However, they may actually receive fewer...
CVE-2022-24070
A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (HTTPd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
Randomizing the KUSER_SHARED_DATA Structure on Windows
Windows 10 made a lot of improvements in Kernel Address Space Layout Randomization (KASLR) that increase the cost of exploitation, particularly for remote code execution exploits. Many kernel virtual address space (VAS) locations, including kernel stacks, pools, system PTEs, etc., are randomized. A...
Incorrect borrowLimit used in calculating principal to withdraw for non-activated pools that are terminated
Lines of code Vulnerability details Impact LenderPool does not check the status of CreditLine when admin calls terminate. Thus if a careless admin discovered some malicious borrower and accidentally terminated the pool before it went active, excessive tokens will be withdrawn, resulting in stolen...
Mageia: Security Advisory (MGASA-2018-0460)
The remote host is missing an update for the...
LP inflation attack is possible as pools can be created with zero liquidity
Handle hyh Vulnerability details Impact A griefing by LP inflation attack is possible: an attacker can create pools for popular token pairs, provide a tiny amount of initial liquidity with addLiquidity, then send big enough amounts of base and quote tokens to the pool contract Exchange just...
[WP-H39] PoolTemplate.sol#resume() Wrong implementation of resume() will compensate overmuch redeem amount from index pools
Handle WatchPug Vulnerability details Root Cause Wrong arithmetic. uint256 deductionFromIndex = debt totalCredit MAGICSCALE1E6 / totalLiquidity; uint256 actualDeduction; for uint256 i = 0; i 0 uint256 shareOfIndex = credit MAGICSCALE1E6 / totalCredit; uint256 redeemAmount = divCeil...
vulnerability
Handle 0v3rf10w Vulnerability details In technical terms, Timeswap is an automated protocol based on the use of liquidity pools and implemented on the Ethereum blockchain. Users create liquidity pools with the participation of smart contracts. One pool is one marketplace providing exchange in a...
CVE-2021-30298
Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wire...
VaderRouterV2 exposes LPs to unlimited slippage on joins
Handle TomFrenchBlockchain Vulnerability details Impact LPs using VaderRouterV2 are subject to incurring unlimited slippage due to manipulation of the pool's reserves. Proof of Concept This finding is similar to finding "VaderRouter exposes LPs to unlimited slippage on joins" however that applies...
OESA-2021-1385 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: An improper locking issue was found in the virStoragePoolLookupByTargetPath API o...
Brutus - An Educational Exploitation Framework Shipped On A Modular And Highly Extensible Multi-Tasking And Multi-Processing Architecture
An educational exploitation framework shipped on a modular and highly extensible multi-tasking and multi-processing architecture. Brutus: an Introduction Looking for version 1? See the branches in this repository. Brutus is an educational exploitation framework written in Python. It automates pre...