Lucene search
+L

209 matches found

Cvelist
Cvelist
added 2024/04/25 5:21 p.m.52 views

CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3CVSS5.7AI score0.00451EPSS
Exploits0References1
CVE
CVE
added 2024/04/25 5:21 p.m.77 views

CVE-2024-32646

Vyper CVE-2024-32646 affects the Pythonic smart contract language. The vulnerability concerns the builtin slice when the buffer is msg.data, self.code, or .code and either the start or length has side-effects, causing a double evaluation of those side-effects. It is triggerable only in versions e...

5.3CVSS7AI score0.00451EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.7 views

PT-2024-24742 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: The issue arises from using the sqrt builtin in Vyper, which can result in a double eval vulnerability when the argument has side-effects. This occurs because the build IR function of the sqrt...

5.3CVSS6.9AI score0.00451EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.11 views

PT-2024-24740 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: Using the create from blueprint builtin can result in a double eval vulnerability when raw args=True and the args argument has side-effects. The build create IR function of the create from blueprin...

5.3CVSS7AI score0.00451EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/03/14 12:0 a.m.7 views

PT-2024-40659 · Unknown · Generatedjavaparser

Name of the Vulnerable Software and Affected Versions: GeneratedJavaParser affected versions not specified Description: A security exception crash has been reported. The crash involves the com.github.javaparser.GeneratedJavaParser.Expression class, the java.base/java.lang.String.startsWith method...

7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.7 views

PT-2023-31461 · Cesanta · Mjs

Name of the Vulnerable Software and Affected Versions: Cesanta MJS versions 2.20.0 through 2.22.0 Description: The issue is related to an out-of-bounds read in the getprop builtin foreign function when a Built-in API name occurs in a substring of an input string. This can lead to a buffer overflo...

9.8CVSS9.7AI score0.0086EPSS
Exploits1References5
OSV
OSV
added 2023/09/25 6:15 p.m.9 views

AZL-30045 CVE-2023-4156 affecting package gawk for versions less than 5.1.1-1

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information...

7.1CVSS6.7AI score0.00428EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2023/09/22 12:0 a.m.7 views

The vulnerability in the builtin.c component allows for data reformatting according to specified templates using Gawk. This enables an attacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the builtin.c component, related to data reformatting functions using the Gawk template engine, stems from the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

3.3CVSS6.7AI score0.00428EPSS
Exploits1References12Affected Software5
Veracode
Veracode
added 2023/09/05 9:3 a.m.22 views

Business Logic Errors

vyper is vulnerable to Business Logic Errors. The vulnerability exists because the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order, which can be exploited by an attacker to create contracts that behave...

5.3CVSS6.8AI score0.00455EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2023/09/04 6:15 p.m.10 views

PYSEC-2023-168

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

5.3CVSS6.6AI score0.00455EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2023/09/04 5:36 p.m.69 views

CVE-2023-41052

Vyper CVE-2023-41052 affects the Pythonic smart contract language Vyper. In affected versions, the evaluation order of arguments to builtins uint256_addmod, uint256_mulmod, ecadd, and ecmul does not follow source order, which can cause side effects in one argument to be relied upon by others. The...

5.3CVSS4.7AI score0.00455EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.4 views

PT-2023-27764 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper affected versions not specified Description: The order of evaluation of the arguments of the builtin functions uint256 addmod, uint256 mulmod, ecadd, and ecmul does not follow source order. This behavior is problematic when the evaluati...

6.9CVSS5AI score0.00455EPSS
Exploits1References11
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.308 views

Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation

Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...

7.1AI score0.00823EPSS
Exploits4
Oracle linux
Oracle linux
added 2023/08/10 12:0 a.m.46 views

nodejs:16 security, bug fix, and enhancement update

nodejs 1:16.20.1-1 - Rebase to 16.20.1 Resolves: rhbz2188289 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz2222288 nodejs-nodemon nodejs-packaging...

7.5CVSS7.5AI score0.03906EPSS
Exploits1
OSV
OSV
added 2023/08/08 12:0 a.m.6 views

UBUNTU-CVE-2023-4156

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information...

7.1CVSS6.7AI score0.00428EPSS
Exploits1References6
OSV
OSV
added 2023/07/06 9:12 p.m.6 views

CLSA-2023-1688677908 Fix CVE(s): CVE-2021-45078

SECURITY UPDATE: heap-buffer-overflow - debian/patches/CVE-2021-45078.patch: fix out-of-bounds write in stabxcoffbuiltintype bz: 28694 - CVE-2021-45078...

7.8CVSS6.7AI score0.01312EPSS
Exploits1References1
OSV
OSV
added 2023/07/03 9:15 p.m.8 views

UBUNTU-CVE-2020-22597

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecmabuiltinarrayprototypeobjectslice parameter...

9.8CVSS6.2AI score0.01314EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/03 12:0 a.m.8 views

JerryScript 安全漏洞

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript version 2.3.0 that originated from allowing an attacker to execute arbitrary code via the ecmabuiltinarrayprototypeobjectslice parameter...

9.8CVSS8.9AI score0.01314EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.1 views

SUSE CVE-2011-2525

The qdiscnotify function in net/sched/schapi.c in the Linux kernel before 2.6.35 does not prevent tcfillqdisc function calls referencing builtin aka CQFBUILTIN Qdisc structures, which allows local users to cause a denial of service NULL pointer dereference and OOPS or possibly have unspecified...

7.8CVSS6.8AI score0.00496EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.4 views

SUSE CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

6.2CVSS7AI score0.03207EPSS
Exploits0References64
Rows per page
Query Builder