Lucene search
+L

86 matches found

CNNVD
CNNVD
added 2024/03/25 12:0 a.m.4 views

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in versions prior to Netty 4.1.108.Final, which stems from the "HttpPostRequestDecoder"...

5.3CVSS6.4AI score0.0138EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.13 views

PT-2024-2588

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.108.Final Description The issue is related to the HttpPostRequestDecoder in Netty, which can be tricked to accumulate data without limits. This can be achieved by sending a chunked post consisting of many small fiel...

7.5CVSS7.2AI score0.99999EPSS
Exploits25References55
OSV
OSV
added 2024/01/25 12:0 a.m.50 views

ALSA-2024:0474 Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

6.1CVSS6.7AI score0.05972EPSS
Exploits2References10
AlmaLinux
AlmaLinux
added 2024/01/10 12:0 a.m.80 views

Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

6.1CVSS7.3AI score0.05972EPSS
Exploits2References10
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.12 views

The creator does not receive additional ether - it accumulates on the contract

Lines of code Vulnerability details Impact In some cases, the ERC20TokenEmitter contract may accumulate residual ether that was not sent to the creator. The contract does not have a function to pick up the remaining ether. When a user wants to buy tokens, he sends ether to the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.5 views

Decimal Precision Issue in Price Calculations

Lines of code Vulnerability details Impact The getRSETHPrice function perform calculations like multiplying prices by amounts without considering the token decimals. This can cause errors to accumulate over multiple calculations. Ignoring token decimals when performing price calculations can caus...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.11 views

Interest accumulation linked to state updates may leak value

Lines of code Vulnerability details Impact The protocol compounds interest on every call that updates the state. This is an intentional design choice. However, this does mean that the total return for the lender, and, conversely, the cost of debt for the borrower, can be influenced by the frequen...

7AI score
Exploits0
Cvelist
Cvelist
added 2023/10/10 5:17 p.m.33 views

CVE-2023-42794 Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened ...

6.4AI score0.01854EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.4 views

_weight - voter.deductions can revert in underflow when counting the vote

Lines of code Vulnerability details Impact weight - voter.deductions can revert in underflow when counting the vote Proof of Concept In the current implementation, when a voting, the function countVote is triggered, this function is overriden in the function GovernorCountingOverridable.sol weight...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.9 views

Whales can freeze all user funds

Lines of code Vulnerability details Impact Whales can freeze user funds by adding large amounts of a smaller token, while keeping collateral in other tokens. By accumulating interest in the small token, they will be able to call reduceReserves once the interest increased enough to match the cash...

6.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.4 views

SUSE CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

7.5CVSS6.3AI score0.02293EPSS
Exploits0References7
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.11 views

A Theoretical-Gaming Vulnerability

Lines of code Vulnerability details Impact There is a theoretical-gaming vulnerability in the project. Currently, users are able to set up a graph in which money should flow from one vertex to another. The user sets the split configuration on their account and there is a public function...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/24 12:0 a.m.8 views

tokenBalanceOfAddress of nftOwner becomes permanently incorrect after arbRestake

Handle hyh Vulnerability details Impact Sucessfull arbRestake performs redeemShares for arbRewardShares amount to extract the arbitrager reward. This effectively reduces shares accounted for an NFT, but leaves untouched the addressShares of an nftOwner. As a result the tokenBalanceOfAddress...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/08/16 12:0 a.m.16 views

Rewards accumaulated can stay constant and oftern not increment

Handle moose-code Vulnerability details Impact rewardsPerToken.accumulated can stay constant while rewardsPerToken.lastUpdated is continually updated, leading to no actual rewards being distributed. I.e. No rewards accumulate. Proof of Concept Line 115, rewardsPerToken.accumulated could stay...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/08/11 6:21 p.m.2 views

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

6.5CVSS5.7AI score0.01203EPSS
Exploits0References4
OSV
OSV
added 2021/06/02 4:15 p.m.1 views

DEBIAN-CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

7.5CVSS6.7AI score0.02293EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.2 views

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

6.5CVSS5.7AI score0.01203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/23 8:33 p.m.6 views

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

6.5CVSS5.7AI score0.01203EPSS
Exploits0References4
CVE
CVE
added 2019/06/27 4:13 p.m.119 views

CVE-2018-16069

CVE-2018-16069 affects SwiftShader in Google Chrome/Chromium. The initial description ties the vulnerability to unintended floating-point error accumulation that could leak cross-origin data via a crafted HTML page. Several connected advisories corroborate that this CVE was addressed in Chromium ...

6.5CVSS6.4AI score0.00902EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/11/12 4:0 p.m.26 views

CVE-2018-1786

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSEWAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871...

5.3CVSS7.2AI score0.02425EPSS
Exploits0References3
Rows per page
Query Builder