Lucene search
K

100 matches found

Cvelist
Cvelist
added 2024/07/16 11:44 a.m.25 views

CVE-2022-48830 can: isotp: fix potential CAN frame reception race in isotp_rcv()

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotprcv When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage. Ziyang Xuan writes: The...

0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/12 3:23 p.m.15 views

CVE-2024-30386 Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service DoS. In an EVPN-VXLAN scenario, when state updates are received and...

7.1CVSS6.8AI score0.00267EPSS
Exploits0References2
OSV
OSV
added 2024/02/28 9:15 a.m.2 views

UBUNTU-CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmxgetnestedstate/vmxsetnestedstate KVM can't map evmcs page right away: evmcs gpa is not 'struct...

7.8CVSS6.6AI score0.00241EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/01/03 9:48 p.m.19 views

Rust EVM erroneousle handles `record_external_operation` error return

Impact In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or CREATE2, in the case that the substack execution...

7.5CVSS7AI score0.00577EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/01/03 9:48 p.m.22 views

GHSA-27WG-99G8-2V4V Rust EVM erroneousle handles `record_external_operation` error return

Impact In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or CREATE2, in the case that the substack execution...

5.9CVSS7.4AI score0.00577EPSS
Exploits0References6
NVD
NVD
added 2024/01/02 10:15 p.m.15 views

CVE-2024-21629

Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...

7.5CVSS6.2AI score0.00577EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/02 9:26 p.m.3 views

CVE-2024-21629 Erroneous handling of `record_external_operation` error return

Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...

5.9CVSS7.1AI score0.00577EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/19 12:0 a.m.2 views

EFACEC BCU 500 Cross-Site Request Forgery Vulnerability

The EFACEC BCU 500 is a programmable control system from EFACEC Portugal. The EFACEC BCU 500 suffers from a cross-site request forgery vulnerability that stems from susceptibility to a cross-site request forgery CSRF attack, which could force a user to perform a state change request on an...

8.8CVSS6.7AI score0.00254EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/11/20 7:15 p.m.3 views

CVE-2023-38885

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery CSRF protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request...

8.8CVSS5.6AI score0.00365EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/11/14 3:46 p.m.3 views

kernel: drm/amd/display: fix FCLK pstate change underflow

A calculation flaw was found in the AMD display driver in the Linux kernel. When UCLK p-state is not supported, FCLK p-state change watermarks are incorrectly calculated using dummy values, potentially causing underflow. This can lead to display issues or system instability during power state...

5.8AI score0.00166EPSS
Exploits0References5
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.12 views

LiquidationQueue brings centralization risk in the contract.

Lines of code Vulnerability details Impact the owner has too much unilateral control over liquidations and can manipulate te country in the following ways: The owner of LiquidationQueue sees a profitable liquidation opportunity Before anyone else can liquidate, they use LiquidationQueue to place ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.11 views

Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which smay be vulnerable to reentrancy attacks if not properly handled in the contract's logic.

Lines of code Vulnerability details Impact The impact of the reentrancy vulnerability in the incrementGaugeWeight function can be summarized as follows: Loss of Funds: Attackers can drain funds from the contract or manipulate balances. Unexpected State Changes: Manipulation of variables can lead ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.6 views

Missing store revert in case of swap error can lead to loss of funds

Lines of code Vulnerability details Impact The module is expected to have no state changes in case a swap failed, and continue to the conversion phase. It was implemented by swallowing the error with a log and continuing with the flow erc20 conversion, etc. This is the relevant code section:...

6.9AI score
Exploits0
PyPA
PyPA
added 2023/05/26 2:15 p.m.8 views

PYSEC-2023-66

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that...

6.5CVSS6.8AI score0.00941EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2023/05/26 1:44 p.m.20 views

CVE-2022-39374

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that...

6.5CVSS6.3AI score0.00941EPSS
Exploits0
Prion
Prion
added 2023/05/09 2:15 a.m.31 views

Design/Logic Flaw

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

6.4CVSS9.2AI score0.00624EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/22 6:15 a.m.4 views

CVE-2023-25594

A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to...

8.8CVSS7.3AI score0.00459EPSS
Exploits0References1
CVE
CVE
added 2023/03/14 2:54 p.m.62 views

CVE-2023-25594

CVE-2023-25594 concerns Aruba Networks ClearPass Policy Manager, where an attacker with read-only privileges can perform state-changing actions in the web-based management interface. The underlying issue is an authorization bypass that permits higher-impact operations than the attacker’s permissi...

8.8CVSS7.3AI score0.00459EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.5 views

PT-2023-20185 · Aruba Networks · Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager affected versions not specified Description: A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of t...

8.8CVSS6.8AI score0.00459EPSS
Exploits0References3
OSV
OSV
added 2022/09/12 7:15 p.m.4 views

CVE-2022-31225

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures...

5.1CVSS5.8AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder