4419 matches found

Code423n4
added 2023/10/26 12:00 a.m., 5 views

Borrower cannot change market capacity (max total supply) after creating a market

Lines of code / Vulnerability details / Impact: As per docs, "Subsequent to launch, base APR and capacities can be adjusted by the borrower at will". After creating a market, a borrower cannot increase the maximum total supply, which contradicts the documentation. Proof of Concept: The...

AI score 6.9 | Exploits 0
Github Security Blog
added 2023/10/25 2:20 p.m., 32 views

dtale vulnerable to Remote Code Execution through the Custom Filter Input

Impact: Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches: Users should upgrade to version 3.7.0 where the "Custom Filter" input is turned off by default. You can find out more information on how to turn it back ...

CVSS 9.8 | AI score 7.7 | EPSS 0.00756 | Exploits 0 | References 4 | Affected software 1
Code423n4
added 2023/10/25 12:00 a.m., 12 views

Centralisation risk

Lines of code / Vulnerability details / Impact: The protocol has an onlyGovernor role with privileged rights to perform administrator tasks that can affect users. Proof of Concept: The governor has control over crucial functions that can be updated and changed according to the governor's discretion. functio...

AI score 7.3 | Exploits 0
Veracode
added 2023/10/24 11:27 a.m., 30 views

Information Disclosure

@tauri-apps/cli is vulnerable to Information Disclosure. This vulnerability is due to a commonly used misconfiguration which leads to the leakage of the private key and updater key password. If `envPrefix: ['VITE_', 'TAURI_'],` was pasted from the documentation into vite.config.ts, the TAURI_PRIVATE_KEY...

CVSS 8.4 | AI score 7.2 | EPSS 0.00192 | Exploits 0 | References 4 | Affected software 1
Kitploit
added 2023/10/23 5:45 p.m., 23 views

GATOR - GCP Attack Toolkit For Offensive Research, A Tool Designed To Aid In Research And Exploiting Google Cloud Environments

GATOR - GCP Attack Toolkit for Offensive Research , a tool designed to aid in research and exploiting Google Cloud Environments. It offers a comprehensive range of modules tailored to support users in various attack stages, spanning from Reconnaissance to Impact. Modules Resource Category |...

AI score 7.2 | Exploits 0 | References 2
OSV
added 2023/10/20 3:18 p.m., 30 views

GHSA-2RCP-JVR4-R259 Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables

Impact: This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri...

CVSS 8.4 | AI score 6.8 | EPSS 0.00192 | Exploits 0 | References 6
Github Security Blog
added 2023/10/20 3:18 p.m., 173 views

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables

Impact: This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri...

CVSS 8.4 | AI score 5.5 | EPSS 0.00192 | Exploits 0 | References 6 | Affected software 2
NVD
added 2023/10/20 12:15 a.m., 65 views

CVE-2023-46115

Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications...

CVSS 8.4 | AI score 8.5 | EPSS 0.00192 | Exploits 0 | References 2
Cvelist
added 2023/10/19 11:35 p.m., 58 views

CVE-2023-46115 Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli

Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications...

CVSS 8.4 | AI score 8.7 | EPSS 0.00192 | Exploits 0 | References 2
OSV
added 2023/10/19 6:29 a.m., 44 views

BIT-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in the SASL authentication ID is listed in the zoo.cfg server list. The...

CVSS 9.1 | AI score 7 | EPSS 0.01713 | Exploits 0 | References 2 | Affected software 1
OSV
added 2023/10/17 1:48 p.m., 40 views

GHSA-V23W-PPPM-JH66 Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Impact: An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...

CVSS 7.5 | AI score 7.5 | EPSS 0.00901 | Exploits 0 | References 8
Github Security Blog
added 2023/10/17 1:48 p.m., 29 views

Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Impact: An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...

CVSS 7.5 | AI score 6.9 | EPSS 0.00901 | Exploits 0 | References 8 | Affected software 1
Fedora
added 2023/10/15 1:44 a.m., 21 views

[SECURITY] Fedora 38 Update: composer-2.6.5-1.fc38

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

CVSS 8.8 | AI score 8.7 | EPSS 0.01378 | Exploits 0
Fedora
added 2023/10/15 1:29 a.m., 29 views

[SECURITY] Fedora 37 Update: composer-2.6.5-1.fc37

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

CVSS 8.8 | AI score 8.7 | EPSS 0.01378 | Exploits 0
0day.today
added 2023/10/15 12:00 a.m., 431 views

PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loopback interface as the...

CVSS 10 | AI score 9.8 | EPSS 0.99615 | Exploits 10
Circl
added 2023/10/12 1:11 p.m., 4 views

CVE-2023-45142

creationtimestamp | type | source
---|---|---
2023-10-12 13:11:24+00:00 | published-proof-of-concept | https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr
2023-10-12 20:23:27+00:00 | seen | https://t.me/cibsecurity/72188
2025-01-28 13:36:28+00:00 | seen | ...

CVSS 7.5 | AI score 7.2 | EPSS 0.01364 | Exploits 0 | References 3
OSV
added 2023/10/12 8:05 a.m., 4 views

SUSE-SU-2023:4060-1 Security update for rage-encryption

This update for rage-encryption fixes the following issues:
- CVE-2023-42811: chosen ciphertext attack possible against aes-gcm (bsc#1215657); update vendor.tar.zst to contain aes-gcm = 0.10.3
- Update to version 0.9.2+0: CI: Ensure apt repository is up-to-date before installing build deps; CI: Build...

CVSS 5.5 | AI score 5.6 | EPSS 0.00262 | Exploits 1 | References 3
Cvelist
added 2023/10/11 11:55 a.m., 35 views

CVE-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in the SASL authentication ID is listed in the zoo.cfg server list. The...

AI score 9.4 | EPSS 0.01713 | Exploits 0 | References 5
FreeBSD
added 2023/10/11 12:00 a.m., 34 views

apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

[email protected] reports: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in the SASL authentication ID is liste...

CVSS 9.1 | AI score 7.4 | EPSS 0.01713 | Exploits 0 | References 1
vulnersOsv
added 2023/10/10 9:16 p.m., 3 views

com.infomaximum:network (>=1.1.3p8 <=1.1.3p10), com.infomaximum:platform (>=0.1.6p17 <=0.1.13p1) +11 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=11.0.10 <=11.0.15)

org.eclipse.jetty.http3:http3-qpack MAVEN version =11.0.10, =1.1.3p8, =0.1.6p17, =0.2.0, =0.2.0, =0.2.0, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.15 Source cves: CVE-2023-36478 Source advisory: OSV:GHSA-WGH7-54F2-X98R...

CVSS 7.5 | AI score 6.7 | EPSS 0.03754 | Exploits 1