Lucene search

9582 matches found

Huntr
added 2022/03/20 6:29 p.m. | 38 views

Obscure Email Vulnerability allow anyone to signup with target email id without proper verification and Allowing malicious domain on username input field leads to business logic error by victim response fetching via email and force a user to download any file hacker want on behalf of [email protected].

Description: This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so [email protected] is the same as [email protected] is the same as [email protected]. With this vulnerability attacker ca...

0.4 AI score
Exploits: 0 | References: 2

Code423n4
added 2022/03/16 12:0 a.m. | 8 views

sendFundsToUser() does not verify that the user has deposited anything

Lines of code Vulnerability details Impact Users can request arbitrary amounts when requesting funds from the executor, because the deposit hash is not checked against actual deposits. The user can be the executor him/herself if they wish to rug-pull directly. Proof of Concept function...

7 AI score
Exploits: 0

Code423n4
added 2022/03/16 12:0 a.m. | 10 views

Executors can steal funds meant to be sent to users

Lines of code Vulnerability details Impact The executor can provide any value it wants as the tokenGasPrice when it calls sendFundsToUser since it is not included in the hash checks. The executor can set the value to be exactly the number that will take all of the funds the user is requesting...

6.9 AI score
Exploits: 0

Code423n4
added 2022/03/16 12:0 a.m. | 9 views

An owner can rug pull and or lock users' funds

Lines of code Vulnerability details Impact By implementing malicious versions of the interfaces required by the contracts used in the set functions, an owner can rug pull user positions. Even if the owner is benevolent the fact that there is a rug vector available may negatively impact the...

7.1 AI score
Exploits: 0

Code423n4
added 2022/03/03 12:0 a.m. | 7 views

Schain owners can rug pull users' funds

Lines of code Vulnerability details Impact Once a chain has been killed the chain owner is able to call getFunds on each of the deposit boxes and transfer funds/tokens wherever he/she wishes Even if the owner is benevolent the fact that there is a rug vector available may negatively impact the...

6.9 AI score
Exploits: 0

Malwarebytes
added 2022/02/25 12:50 p.m. | 19 views

Google and Microsoft accused of feeding smaller search engines spam ads

Google and Microsoft appear to have been flooding their smaller search engine rivals with spam ads, to limit the number of higher-value ads that appear on them, according to data viewed by POLITICO. Ads are considered "spam" if they appear in search results but have little to no relevance to the...

7.2 AI score
Exploits: 0

Hacker One
added 2022/02/21 7:10 p.m. | 656 views

Sifchain: Subdomain Takeover on proxies.sifchain.finance pointing to vercel

Hello Team, Subdomain takeover vulnerabilities occur when a subdomain subdomain.example.com is pointing to a service e.g. GitHub pages, Heroku, etc. that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain...

7 AI score
Exploits: 0

Code423n4
added 2022/02/17 12:0 a.m. | 10 views

admin can rug pull

Lines of code Vulnerability details In the links I provided, the admin can steal all user funds. this can cause reputation risk.

6.9 AI score
Exploits: 0

Malwarebytes
added 2022/02/04 1:9 p.m. | 29 views

FBI warns of bogus job postings on recruitment sites

Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to ruin someone’s day. We’re now into February and the bogus job offers show no sign of abating. In fact, the FBI considers it to be such a problem that it’s issued an alert. This isn’t your typica...

6.9 AI score
Exploits: 0

Code423n4
added 2022/01/19 12:0 a.m. | 11 views

Admin can rug L2 Escrow tokens leading to reputation risk

Handle harleythedog Vulnerability details Impact The L1Escrow contract has the function approve that is callable by the admin to approve an arbitrary spender with an arbitrary amount so they can steal all of the escrow's holdings if they want. Even if the admin is well intended, the contract can...

7 AI score
Exploits: 0

Malwarebytes
added 2021/11/16 10:56 a.m. | 51 views

New Mac malware raises more questions about Apple’s security patching

Apple’s reputation on security has been taking a beating lately. As mentioned in some of our previous coverage, security researcher Joshua Long recently shone a light on problems with Apple’s security patching strategy. His findings showed a shocking number of cases where Apple patched a...

9.3 CVSS | 9.8 AI score | 0.14542 EPSS
Exploits: 0

OpenVAS
added 2021/11/08 12:0 a.m. | 15 views

Mozilla Firefox Security Advisory (MFSA2016-11) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4.7 CVSS | 7.1 AI score | 0.01934 EPSS
Exploits: 0 | References: 3

NCSC
added 2021/10/07 12:0 a.m. | 3 views

Vulnerability fixed in Cisco Email Security Appliance

Cisco has fixed a vulnerability in the Email Security Appliance. An unauthenticated malicious person could exploit the vulnerability to use a specially prepared URL to still bypass the URL Reputation filters and, in effect, the entire filtering system. The integrity or continuity of the Appliance...

5.8 CVSS | 6.9 AI score | 0.01033 EPSS
Exploits: 0

OSV
added 2021/10/06 8:15 p.m. | 1 views

CVE-2021-1534

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker...

5.3 CVSS | 6.1 AI score
Exploits: 0 | References: 1

NVD
added 2021/10/06 8:15 p.m. | 14 views

CVE-2021-1534

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker...

5.8 CVSS | 0.01033 EPSS
Exploits: 0 | References: 1

Prion
added 2021/10/06 8:15 p.m. | 17 views

Input validation

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker...

5 CVSS | 5.4 AI score | 0.01033 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/10/06 7:35 p.m. | 58 views

CVE-2021-1534

CVE-2021-1534 : A vulnerability in Cisco AsyncOS for Cisco Email Security Appliance (ESA) allows an unauthenticated, remote attacker to bypass URL reputation filters by exploiting improper URL processing. Affected product: Cisco ESA/AsyncOS. Impact: bypass of URL filtering, enabling malicious URL...

5.8 CVSS | 5.5 AI score | 0.01033 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2021/10/06 7:35 p.m. | 9 views

CVE-2021-1534 Cisco Email Security Appliance URL Filtering Bypass Vulnerability

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker...

5.8 CVSS | 7 AI score | 0.01033 EPSS
Exploits: 0 | References: 1

Cisco
added 2021/10/06 4:0 p.m. | 46 views

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker...

5.8 CVSS | 5.5 AI score | 0.01033 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/10/06 12:0 a.m. | 3 views

Cisco AsyncOS for Cisco Email Security Appliance Input Validation Error Vulnerability

The Cisco Email Security Appliance (ESA) and Cisco AsyncOS are both products of Cisco, Inc. The Cisco Email Security Appliance is an email security appliance. The Cisco AsyncOS is an operating system for Cisco devices. An input validation error...

5.8 CVSS | 5.8 AI score | 0.01033 EPSS
Exploits: 0 | References: 6