2017 matches found
CVE-2022-41316
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...
Denial of service
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...
CVE-2022-41316
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...
CVE-2022-41316
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...
HashiCorp Vault Trust Management Issue Vulnerability
HashiCorp Vault is a private key access management tool from the US-based HashiCorp. A security vulnerability exists in HashiCorp Vault and Vault Enterprise that stems from its TLS certificate authentication method initially failing to load an optionally configurable CRL issued by the role's CA...
CVE-2022-41316
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...
PT-2022-25812 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.12.0 HashiCorp Vault and Vault Enterprise versions prior to 1.11.4 HashiCorp Vault and Vault Enterprise versions prior to 1.10.7 HashiCorp Vault and Vault Enterprise versions prior to...
Griefing of execute transaction sender
Lines of code Vulnerability details Description In function execute from BlurExchange contract there is a call of executeTokenTransfer function. The last one contains the following logic: function executeTokenTransfer address collection, address from, address to, uint256 tokenId, uint256 amount,...
[SECURITY] [DSA 5249-1] strongswan security update
Debian Security Advisory DSA-5249-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 06, 2022 https://www.debian.org/security/faq -...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : strongSwan vulnerability (USN-5651-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5651-1 advisory. Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificates. A...
USN-5651-1 strongswan vulnerability
Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificates. A remote attacker could possibly use this issue to initiate IKESAs and send crafted certificates that contain URIs pointing to servers under their control, which...
UBUNTU-CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...
PT-2022-7595 · Unknown +5 · Strongswan +5
Name of the Vulnerable Software and Affected Versions: strongSwan versions prior to 5.9.8 Description: The issue is related to an uncontrolled resource consumption in the revocation plugin of the StrongSwan VPN client. It allows a remote attacker to cause a denial of service by sending a crafted...
CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...
strongswan -- DOS attack vulnerability
Lahav Schlesinger reported a bug related to online certificate revocation checking that can lead to a denial-of-service attack...
CVE-2022-37193
Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...
CVE-2022-37193
Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...
An admin can revoke the claim of a given claimant at any time then withdraw the claim due to said claimant.
Lines of code Vulnerability details Impact I understand the reasoning why admins are given the ability to revoke claims but that power in combination with the fact that an admin can then withdraw said claim that was due to a claimant gives rug vibes. This ability should at least be behind a...
Overflow can make a claim impossible to revoke by the admin and fully withdraw by the recipient
Lines of code Vulnerability details Impact In contract VTVLVesting.sol, the multiplication in function baseVestedAmount can overflow for big enough values of truncatedCurrentVestingDurationSecs and linearVestAmount. This means the claim could be successfully created by the admin, but could NEVER ...
Employee can be unable to withdraw claimable amount that she or he deserves after admin revokes her or his claim
Lines of code Vulnerability details Impact When an employee has an active claim, this employee can call the following withdraw function to withdraw the claimable amount that she or he is entitled to, which would increase her or his claim's amountWithdrawn. Because the employee is free to call...