CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Code423n4•added 2023/08/28 12:0 a.m.•8 views

_getUtility function may be vulnerable to precision loss

Lines of code Vulnerability details Impact When calculating r0 and r1 in the getUtility function precision loss may occur due to the use of the standard devision operator / instead of the devision functions of ABDKMath64x64. As the other values in the equation make use of the library's methods if...

Code423n4•added 2023/08/26 12:0 a.m.•10 views

M-22 Unmitigated

Lines of code Vulnerability details Comments The underlying yield vaults used by the V5 vaults usually round down shares received when depositing. As a result, if the Vault deposits to an underlying yield vault that has already issued shares, it is possible that a deposit could be rounded down to...

Code423n4•added 2023/08/24 12:0 a.m.•11 views

Loss of precision in the YieldVault causes DoS when depositing from the Vault

Lines of code Vulnerability details Title Loss of precision in the YieldVault causes DoS when depositing from the Vault Original Issue M-22 - Loss of precision leads to undercollateralized Details The original demonstrates how the Vault could fall into undercollateralization mode if the YieldVaul...

6.6AI score

CNNVD•added 2023/08/18 12:0 a.m.•2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrect validator pruning due to missing register precision contamination...

10CVSS7.6AI score0.03546EPSS

Exploits0References13

Code423n4•added 2023/08/07 12:0 a.m.•7 views

Calculations like valueX8 and liquidity do not account for potential rounding errors

Lines of code Vulnerability details Impact These small inaccuracies could accumulate and cause the total supply of liquidity tokens to not exactly match the vault holdings. This could allow an attacker to potentially deposit tokens, get liquidity that is slightly higher than what they should base...

Code423n4•added 2023/08/07 12:0 a.m.•8 views

Potential Precision Loss in claimFee() due to Division Before Multiplication

Lines of code Vulnerability details Impact The function claimFee may result in precision loss when calculating the addedValue variable. This issue arises due to division being performed before multiplication, leading to the possibility of truncated values and incorrect results. Proof of Concept T...

Code423n4•added 2023/08/04 12:0 a.m.•7 views

Incorrect Interest Accrual Calculation in 'SGLCommon' Contract

Lines of code Vulnerability details Description The 'SGLCommon' contract contains a critical vulnerability in the interest accrual calculation, particularly in the computation of the 'extraAmount' used for accruing interest. The flaw arises from always dividing by 1e18, disregarding the number of...

Code423n4•added 2023/08/02 12:0 a.m.•19 views

Potential Early Exploit in Morho-Aave ERC4626 Implementation

Lines of code Vulnerability details Impact The issue discovered can be exploited when a vault is initially empty. A malicious actor could frontrun a legitimate user's deposit, contributing a negligible amount to the vault. This allows the actor to own shares while the total asset in the vault is...

Code423n4•added 2023/07/31 12:0 a.m.•10 views

Divide before multiply

Lines of code Vulnerability details Impact Solidity's integer division truncates. Thus, performing division before multiplication can lead to precision loss. Proof of Concept Tools Used Recommended Mitigation Steps Consider ordering multiplication before division. Assessed type Math --- The text...

Tenable Nessus•added 2023/07/25 12:0 a.m.•16 views

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service (CVE-2018-0378)

A vulnerability in the Precision Time Protocol PTP feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of...

8.6CVSS8AI score0.04483EPSS

Exploits0References4

Code423n4•added 2023/07/13 12:0 a.m.•12 views

Division before Multiplication could incur unnecessary precision loss

Lines of code Vulnerability details Impact Division before multiplication could incur unnecessary precision loss causing loss of funds. Proof of Concept In the dynamicQuorumVotes function of NounsDAOV3DynamicQuorum.sol contract the value of againstVotesBPS is first calculated by dividing a value ...

Code423n4•added 2023/07/10 12:0 a.m.•9 views

There is a large precision error in sqrt calculation of lp

Lines of code Vulnerability details Impact Compared with div, there is a larger precision error in calculating lp through sqrt, so there should be a way to check whether there are excess tokens left when adding liquidity. Proof of Concept function testCalcLpTokenSupplyDiff public uint256 memory...

Positive Technologies•added 2023/07/05 12:0 a.m.•3 views

PT-2025-53998

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the mlx5e ptp open function within the net/mlx5e module. Specifically, if kvzalloc node or kvzalloc operations fail during the function's execution, memory pointe...

4.9CVSS7.9AI score0.00168EPSS

Code423n4•added 2023/06/21 12:0 a.m.•4 views

potential arithmetic overflow in the code under review.

Lines of code Vulnerability details Summary This report highlights a high vulnerability related to potential arithmetic overflow in the code under review. Vulnerability Details The code performs arithmetic operations, such as addition, subtraction, multiplication, and division, on sdk.Int values...

7.2AI score

Ubuntu•added 2023/05/29 5:19 a.m.•84 views

USN-6097-1: Linux PTP vulnerability

It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service...

8.8CVSS7.9AI score0.02955EPSS