Lucene search
+L

169 matches found

Veracode
Veracode
added 2023/08/03 7:23 a.m.20 views

Out-of-Bounds Write

libopenbabel.so is vulnerable to Out-of-Bounds Write. The vulnerability exists in the CSR format in the WriteMolecule function of CSRformat.cpp, which allows an attacker to inject and execute malicious code, by providing a maliciously crafted file...

9.8CVSS6.9AI score0.00816EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/07/21 9:15 p.m.43 views

CVE-2022-41793

An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.7AI score0.00816EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/21 8:25 p.m.25 views

CVE-2022-41793

An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7.5AI score0.00816EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/21 8:25 p.m.44 views

CVE-2022-41793

An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.9AI score0.00816EPSS
Exploits1References1
Talos
Talos
added 2023/07/21 12:0 a.m.32 views

Open Babel CSR format title out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1667 Open Babel CSR format title out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-41793 SUMMARY An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially...

9.8CVSS9.2AI score0.00816EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/07/21 12:0 a.m.4 views

PT-2023-4402

Name of the Vulnerable Software and Affected Versions Open Babel versions 3.1.1 through master commit 530dbfa3 Description An out-of-bounds write issue exists in the CSR format title functionality. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a...

10CVSS7.5AI score0.00816EPSS
Exploits2References48
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.5 views

SUSE CVE-2011-3848

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...

5CVSS7.2AI score0.01115EPSS
Exploits0References4
OSV
OSV
added 2023/01/17 4:13 p.m.8 views

GSD-2023-1000217 Bluetooth: Fix crash when replugging CSR fake controllers

Bluetooth: Fix crash when replugging CSR fake controllers This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.159 by commit...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.3 views

PT-2023-33120 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.13 Description: A potential issue exists where replugging CSR fake controllers could cause a crash. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/02 12:0 a.m.25 views

PT-2024-11847 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a crash when replugging CSR fake controllers in the Linux kernel's Bluetooth component. It seems that fake CSR 5.0 clones can cause the suspend notifier to be...

9.1CVSS6.5AI score0.03702EPSS
Exploits12References1873
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.9 views

PostTxProcessing can revert user transactions not interacting with Turnstile

Lines of code Vulnerability details Impact Any transaction, even those that don't interact with the Turnstile contract, can be reverted by the PostTxProcessing hook if there was a CSR specific error. Thus, the CSR module can impair the behavior of smart contracts not related to the module. Proof ...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/26 12:0 a.m.10 views

evm_hooks ignores some important errors

Lines of code Vulnerability details Impact Some contracts and some Turnstile tokens nfts wll not be able to receive CSR fees forever. Proof of Concept In evmhooks.go, the PostTxProcessing will call h.processEventsctx, receipt to handle Register and Assign events from Turnstile contract first:...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/26 12:0 a.m.9 views

Incorrect revenue calculation will lead to revenue theft through proxy attacks

Lines of code Vulnerability details Impact The incorrect way revenue is calculated can lead to CSR being stolen through proxy attacks, which is likely to lead the ecology into CSR bribery war. Eventually, this feature will translate into reduced gas fees for all transactions, regardless of whethe...

6.7AI score
Exploits0
Akamai Blog
Akamai Blog
added 2022/09/30 1:0 p.m.8 views

Akamai Aids India Through Corporate Social Responsibility Partnerships

Akamai’s Corporate Social Responsibility Trust partners with nonprofit organizations to help enhance the lives of people across India...

7AI score
Exploits0
Veracode
Veracode
added 2022/09/27 1:8 p.m.34 views

Authentication Bypass

github.com/hashicorp/consul is vulnerable to authentication bypass. The vulnerability exists in autoconfigendpoint.go and leaderconnectca.go because the URI length checks are not added to CSR requests which allows an attacker to designate multiple SAN URI values in a call to the endpoint...

6.5CVSS6.8AI score0.00849EPSS
Exploits0References18Affected Software2
NVD
NVD
added 2022/09/23 12:15 p.m.26 views

CVE-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

6.5CVSS0.00849EPSS
Exploits0References5
Prion
Prion
added 2022/09/23 12:15 p.m.23 views

Design/Logic Flaw

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

4CVSS6.7AI score0.00849EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2022/09/23 12:0 a.m.32 views

CVE-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

7.5AI score0.00849EPSS
Exploits0References5
OSV
OSV
added 2022/09/14 3:15 a.m.6 views

CVE-2022-34831

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/14 3:15 a.m.3 views

CVE-2022-34831

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References3
Rows per page
Query Builder