CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Code423n4•added 2023/01/27 12:0 a.m.•9 views

User receives lesser number of Long Tokens on burning Pool liquidity resulting in loss of user funds

Lines of code Vulnerability details Impact Protocol currently uses 2 levels of callbacks for burning Pool liquidity: Inner callback - timeswapV2PoolBurnChoiceCallback function in Line 438 of Pool.sol allows user to specify long0 & long1 amount such that long0 + long1 longAmount. longAmount here...

6.8AI score

OSV•added 2023/01/17 5:46 p.m.•8 views

GSD-2023-1000523 scsi: elx: libefc: Fix second parameter type in state callbacks

scsi: elx: libefc: Fix second parameter type in state callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

7.2AI score

OSV•added 2023/01/16 4:15 p.m.•2 views

CVE-2022-4060

The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it...

9.8CVSS5.9AI score0.42723EPSS

Exploits2References1

Positive Technologies•added 2023/01/16 12:0 a.m.•4 views

PT-2023-7904 · WordPress · User Post Gallery

Name of the Vulnerable Software and Affected Versions: User Post Gallery WordPress plugin versions 2.19 and earlier Description: The issue is related to insufficient authorization procedure in the User Post Gallery WordPress plugin, allowing remote attackers to execute arbitrary code. This is...

10CVSS7.6AI score0.42723EPSS

Exploits2References8

BDU FSTEC•added 2023/01/10 12:0 a.m.•4 views

The vulnerability of the SSL/TLS WolfSSL library lies in its ability to read data beyond the buffer boundaries in memory. This allows attackers to gain unauthorized access to protected information or cause service failures.

The vulnerability of the SSL/TLS library WolfSSL is related to the ability to read data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause service failures through the...

9.4CVSS7.9AI score0.01959EPSS

Exploits2References4Affected Software1

VulnCheck KEV•added 2022/12/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-4060

The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it...

9.8CVSS7.4AI score0.42723EPSS

Exploits2References1

RedHat Linux•added 2022/11/15 11:55 a.m.•1 views

kernel: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()

A vulnerability was found in the Linux kernel's ethtool implementation in the ioctl handling of coalesce settings, where the system attempts to change coalesce settings using the ethtoolsetcoalesce function without verifying the availability of both the .getcoalesce and .setcoalesce callbacks,...

5.5CVSS6.6AI score0.00183EPSS

Exploits0References5

OSV•added 2022/11/14 7:6 p.m.•9 views

GSD-2022-1007108 bpf: Fix reference state management for synchronous callbacks

bpf: Fix reference state management for synchronous callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...

7.2AI score

OSV•added 2022/11/14 6:46 p.m.•8 views

GSD-2022-1006864 bpf: Fix reference state management for synchronous callbacks

7.2AI score

Positive Technologies•added 2022/11/14 12:0 a.m.•3 views

PT-2022-35351 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...

Positive Technologies•added 2022/11/14 12:0 a.m.•3 views

PT-2022-35363 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue concerns reference state management for synchronous callbacks in the bpf component. It was introduced in version v5.13 and fixed in version v5.15.75. The actual impact and attack...

Positive Technologies•added 2022/11/14 12:0 a.m.•3 views

PT-2022-35679 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...

Positive Technologies•added 2022/11/14 12:0 a.m.•3 views

PT-2022-35545 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...

Positive Technologies•added 2022/11/14 12:0 a.m.•4 views

PT-2022-35856 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...