NodeBB Code Issues Vulnerabilities
NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A code issue vulnerability exists in NodeBB v2.8.10 and earlier versions. An attacker exploited the vulnerability to cause the system to crash...
D-Link DAR-7000 Code Issue Vulnerability
The D-Link DAR-7000 is an Internet Behavior Audit Gateway from China AUO D-Link. A code issue vulnerability exists in the D-Link DAR-7000. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
D-Link DAR-7000 Code Issue Vulnerability
The D-Link DAR-7000 is an Internet Behavior Audit Gateway from China AUO D-Link. A code issue vulnerability exists in the D-Link DAR-7000. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
D-Link DAR-7000 Code Issue Vulnerability
The D-Link DAR-7000 is an Internet Behavior Audit Gateway from China AUO D-Link. A code issue vulnerability exists in the D-Link DAR-7000. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
Mastodon Code Issue Vulnerability
Mastodon is an open source social network server based on ActivityPub. A code issue vulnerability exists in Mastodon versions 4.2.0-beta1 through 4.2.0-rc2, which can be exploited by an attacker to inject arbitrary data into HTTP requests sent by Mastodon by crafting specific inputs...
Proofpoint Insider Threat Management Code Issue Vulnerability
Proofpoint Insider Threat Management (Proofpoint ITM) is an insider threat management system from Proofpoint USA. A code issue vulnerability exists in Proofpoint Insider Threat Management versions prior to 7.14.3.69, which stems from improper checking of anomalies and allows an attacker to change t...
H-01 Unmitigated
Lines of code Vulnerability details test test
Fully slashed transcoder can vote with 0 weight messing up the voting calculations
Lines of code Vulnerability details Impact If a transcoder gets slashed fully he can still vote with 0 amount of weight making any other delegated user that wants to change his vote to subtract their weight amount from other delegators/transcoders. Proof of Concept In BondingManager.sol any...
Improperly tracking asset reserve for WETH
Lines of code Vulnerability details Impact Function RdpxV2Corewithdraw lets delegate owners withdraw their unused WETH. However, withdrawn amount is not deducted from totalWethDelegated, which causes WETH asset reserve tracked improperly. The impacts could be: 1. Function sync gets reverted when...
Electron Code Issues Vulnerabilities
Electron is a JavaScript framework from an individual developer for writing cross-platform desktop applications. The framework is based on Node.js and Chromium and can be used to write cross-platform desktop applications using HTML, CSS. A code issue vulnerability exists in Electron. An attacker can...
Catdoc Code Issues Vulnerabilities
Catdoc is a program that reads MS-Word files and prints them readably, by the US-based individual developer Pete Warden. A security vulnerability exists in Catdoc version v0.95, which stems from the component xls2csv in src/fileutil.c containing a NULL pointer dereference...
Existing checks with INT_MAX are insufficient such that the contract becomes dysfunctional after initial deployment of some large balance(s)
Lines of code Vulnerability details Impact EvolvingProteus.sol contains a variety of functions which detail the price in tokens to be paid in swaps, withdraws, and deposits. In external functions such as depositGivenInputAmount, as well as internal functions such as checkBalances, there exists a...
reserve balances AND reserve balance ratio INVARIANTS ARE NOT CHECKED INSIDE THE _reserveTokenSpecified FUNCTION THUS ENABLING deposit AND withdraw TRANSACTIONS TO BREAK THESE INVARIANTS
Lines of code Vulnerability details Impact The EvolvingProteus.depositGivenInputAmount function is used to calculate the output amount of LP tokens given an input amount of reserve tokens. The EvolvingProteus.withdrawGivenOutputAmount function is used to calculate the amount of LP tokens that mus...
Loss of precision in the YieldVault causes DoS when depositing from the Vault
Lines of code Vulnerability details Title Loss of precision in the YieldVault causes DoS when depositing from the Vault Original Issue M-22 - Loss of precision leads to undercollateralized Details The original demonstrates how the Vault could fall into undercollateralization mode if the YieldVaul...
NBS&HappySoftWeChat Code Issue Vulnerability
NBS&HappySoftWeChat is a microstore system from NBS&HappySoftWeChat. A code issue vulnerability exists in NBS&HappySoftWeChat version 1.1.6 that stems from the ability to perform unlimited uploads...
CVE-2023-28480
An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An...
Lenders can deposit at anytime during the week and still claim rewards for that week
Lines of code Vulnerability details Impact Anytime a user deposits during an epoch (i.e. a week) he immediately is eligible to earn from the rewards for that lending market that week. This occurs because when the lending pool calls syncledger, LendingLedger adds the deposit to the user's deposit for...
fossbilling Code Issue Vulnerability
fossbilling is a free open source solution for efficient billing and customer management. A code issue vulnerability exists in versions prior to fossbilling 0.5.5 that stems from the presence of an insufficient session expiration time...
Arbitrary from in transferFrom
Lines of code Vulnerability details Impact function a(address from, address to, uint256 amount) public { erc20.transferFrom(from, to, am); } Alice approves this contract to spend her ERC20 tokens. Bob can call a and specify Alice's address as the from parameter in transferFrom, allowing him to transfer...
PT-2023-26527 · Apple · Macos Monterey +3
Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions 11.7.9 and earlier; macOS Monterey versions 12.6.8 and earlier; macOS Ventura versions 13.5 and earlier. Description: The issue allows an app to modify protected parts of the file system. This was addressed by removing the...