CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/01/10 7:51 p.m.•10 views

GSD-2022-1000045 net/mlx5e: Wrap the tx reporter dump callback to extract the sq

net/mlx5e: Wrap the tx reporter dump callback to extract the sq This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.90 by commit...

7.2AI score

Code423n4•added 2022/01/10 12:0 a.m.•4 views

Depositor can reenter contract on claim creation

Handle kenzo Vulnerability details This finding is almost identical to my previous finding "Claimer can reenter contract on claim creation", but in this scenario, the depositor can reenter via Depositors' safeMint function. When depositing, Depositors is minting the token using safeMint, which wi...

Code423n4•added 2022/01/07 12:0 a.m.•10 views

Convenience contract fails to function if asset or collateral is an ERC20 token with fees

Handle Ruhum Vulnerability details Impact There are ERC20 tokens that collect fees with each transfer. If the asset or collateral used in a pair is of that type, the Convenience contract fails to function. It always sends the flat amount specified in the function's parameter. If the token collect...

7.1AI score

Tenable Nessus•added 2022/01/07 12:0 a.m.•186 views

Apache Log4Shell RCE detection via callback correlation (Direct Check RPCBIND)

Binary data log4jlog4shellrpcbind.nbin...

10CVSS9.8AI score0.94358EPSS

Tenable Nessus•added 2022/01/04 12:0 a.m.•76 views

Apache Log4Shell RCE detection via callback correlation (Direct Check PPTP)

Binary data log4jlog4shellpptp.nbin...

10CVSS9.9AI score0.94358EPSS

Code423n4•added 2022/01/04 12:0 a.m.•8 views

Important state updates are made after the callback in the mint() function

Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the mint function has a callback in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function reentrancy. Since...

Code423n4•added 2022/01/04 12:0 a.m.•14 views

pay() function has callback to msg.sender before important state updates

Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the pay function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...

Code423n4•added 2022/01/04 12:0 a.m.•11 views

In the lend() function state updates are made after the callback

Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...

Tenable Nessus•added 2021/12/29 12:0 a.m.•74 views

Apache Log4Shell RCE detection via callback correlation (Direct Check UPnP)

Binary data apachelog4shellupnp.nbin...

10CVSS7.3AI score0.94358EPSS

Tenable Nessus•added 2021/12/23 12:0 a.m.•102 views

Apache Log4Shell RCE detection via callback correlation (Direct Check NTP)

Binary data log4jlog4shellntp.nbin...

10CVSS9.9AI score0.94358EPSS