3973 matches found
Mageia: Security Advisory (MGASA-2014-0291)
The remote host is missing an update for the...
Possible Re-entrancy in _sendSherRewardsToOwner
Handle static Vulnerability details Impact If the SHER token performs a callback, such as in ERC-777 tokens, when performing transfers, the sendSherRewardsToOwner function can be run multiple times to extract more rewards than should be available for a single NFT. Proof of...
memory contents disclosure in cli_feat_read_cb
...
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it won't be...
Apache Log4Shell RCE detection via callback correlation (Direct Check MSRPC)
Binary data apachelog4shellmsrpc.nbin...
GSD-2022-1000045 net/mlx5e: Wrap the tx reporter dump callback to extract the sq
net/mlx5e: Wrap the tx reporter dump callback to extract the sq This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.90 by commit...
Depositor can reenter contract on claim creation
Handle kenzo Vulnerability details This finding is almost identical to my previous finding "Claimer can reenter contract on claim creation", but in this scenario, the depositor can reenter via Depositors' safeMint function. When depositing, Depositors is minting the token using safeMint, which wi...
Apache Log4Shell RCE detection via callback correlation (Direct Check RPCBIND)
Binary data log4jlog4shellrpcbind.nbin...
Convenience contract fails to function if asset or collateral is an ERC20 token with fees
Handle Ruhum Vulnerability details Impact There are ERC20 tokens that collect fees with each transfer. If the asset or collateral used in a pair is of that type, the Convenience contract fails to function. It always sends the flat amount specified in the function's parameter. If the token collect...
Apache Log4Shell RCE detection via callback correlation (Direct Check PPTP)
Binary data log4jlog4shellpptp.nbin...
Important state updates are made after the callback in the mint() function
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the mint function has a callback in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function reentrancy. Since...
pay() function has callback to msg.sender before important state updates
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the pay function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
In the lend() function state updates are made after the callback
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
Apache Log4Shell RCE detection via callback correlation (Direct Check UPnP)
Binary data apachelog4shellupnp.nbin...
Apache Log4Shell RCE detection via callback correlation (Direct Check NTP)
Binary data log4jlog4shellntp.nbin...
Apache Log4Shell RCE detection via callback correlation (Direct Check SNMP)
Binary data apachelog4shellsnmp.nbin...
Apache Log4Shell RCE detection via callback correlation (Direct Check DNS)
Binary data apachelog4shelldns.nbin...
Apache Log4Shell RCE detection via callback correlation (Direct Check SMB)
Binary data log4jlog4shellsmb.nbin...
Apache Log4Shell RCE detection via callback correlation (Direct Check NetBIOS)
Binary data apachelog4shellnetbios.nbin...
Apache Log4Shell RCE detection via callback correlation (Direct Check POP3)
Binary data apachelog4shellpop3.nbin...