Lucene search
K

4420 matches found

Code423n4
Code423n4
added 2023/07/14 12:0 a.m.20 views

Adding balance to accumulator does not depend on the current drawId, while documentation says it does

Lines of code Vulnerability details Impact In documentation protocol states that : To compute the allocated contribution for a draw d we'd compute the integral of curve cd=−t∗lnα∗α^d from lastdraw dold to dnew, and which is equal to −t∗ α^dold + t∗ α^dnew. Which clearly shows that contribution on...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/07/07 7:26 p.m.40 views

Metasploit Weekly Wrap-Up

Apache RocketMQ We saw some great teamwork this week from jheysel-r7 and h00die to bring you an exploit module for CVE-2023-33246. In Apache RocketMQ version 5.1.0 and under, there is an access control issue which the module leverages to update the broker's configuration file without...

7.5CVSS8.2AI score0.96604EPSS
Exploits11
Qualys Blog
Qualys Blog
added 2023/07/06 10:26 p.m.11 views

How Qualys Drives PCI DSS 4.0 Compliance for File Integrity Monitoring

The Payment Card Industry Data Security Standard PCI DSS is a well-known rule for compliance by merchants and entities involved in payment card processing. The new PCI DSS 4.0 standard specifies a broad range of technical and process requirements to ensure the safety of payment cardholder data or...

7.2AI score
Exploits0
OSV
OSV
added 2023/07/05 10:15 p.m.36 views

PYSEC-2023-107

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...

7.5CVSS7AI score0.0109EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 9:11 p.m.43 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to containerd security bypass and denial of service vulnerabilities( CVE-2023-25173, CVE-2023-25153)

Summary Potential containerd security bypass and denial of service vulnerabilities CVE-2023-25173, CVE-2023-25153 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTIO...

7.8CVSS6.7AI score0.00542EPSS
Exploits1Affected Software1
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.8 views

BranchBridgeAgent invokes anyCall with PAY ON SOURCE but doesn't send value with it. All calls will fail.

Lines of code Vulnerability details Impact IAnycallProxy.anyCall operates under one of two modes of taking fees, namely fees are taken either on source or on the destination chain. Fee mode is decided by the caller with an appropriate value of the fourth parameter, ie. uint256 flag . Values 0,4...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.8 views

maxSupply in esLBR.sol is wrong

Lines of code Vulnerability details Impact Proof of Concept As mentioned in the docs in line 6 in esLBR.sol contract , the maximum supply will be 55 million . - The maximum amount that can be minted through the esLBRMinter contract is 55 million. But the maximum supply is hardcoded 100 million in...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.12 views

Wrong proposalThreshold amount in LybraGovernance.sol

Lines of code Vulnerability details Impact The proposal can be created with only 100000 esLBR delegated instead of 10000000. Proof of Concept According to LybraV2Docs, a proposal can only be created if the sender has at least 10 million esLBR tokens delegated to his address to meet the proposal...

6.8AI score
Exploits0
Virtuozzo
Virtuozzo
added 2023/07/03 12:0 a.m.37 views

Virtuozzo Hybrid Infrastructure 5.4 Update 3 (5.4.3-100)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover core storage, the system configuration, updates, documentation, and the compute services. Additionally, this release delivers stability improvements and addresses issues found in previous releases...

6.8AI score
Exploits0
GithubExploit
GithubExploit
added 2023/07/01 5:8 p.m.73 views

Exploit for Deserialization of Untrusted Data in Spip

Installation et Exécution du script 💻 Prérequis Avant de...

9.8CVSS9.6AI score0.99637EPSS
Exploits23
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 5:28 p.m.48 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Go [CVE-2023-24539 and CVE-2023-24540]

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote code injection due to Go CVE-2023-24539 and CVE-2023-24540, with details below. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerabl...

9.8CVSS9.1AI score0.01548EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 1:30 p.m.30 views

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to a xml2js vulnerability (CVE-2023-0842)

Summary Xmljs is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the...

5.3CVSS6AI score0.01404EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 1:25 p.m.39 views

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to Golang Go vulnerability (PRISMA-2022-0270)

Summary Golang Go is used IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details IBM X-Force ID: 250518 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a token...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 1:24 p.m.30 views

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to YAML denial of service (CVE-2023-2251)

Summary YAML is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-2251 DESCRIPTION: YAML is vulnerable to a denial of service, caused by an uncaught...

7.5CVSS7.3AI score0.01093EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 3:11 p.m.13 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-2800]

Summary Hugging Face Transformers is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information t...

4.7CVSS4.9AI score0.00282EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 3:8 p.m.35 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service due to [CVE-2023-34104]

Summary Node.js module fast-xml-parser is used by IBM App Connect Enterprise Certified Container for parsing XML. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch...

7.5CVSS7.4AI score0.01135EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 3:6 p.m.25 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to arbitrary code execution due to [CVE-2023-26920]

Summary Node.js module fast-xml-parser is used by IBM App Connect Enterprise Certified Container for parsing XML data. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to arbitrary code execution. This bulletin...

6.5CVSS7.3AI score0.01152EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 3:4 p.m.26 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator are vulnerable to [CVE-2023-24532]

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to an unspecified error due to an error in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go. This bulletin provides patch information to address the reported vulnerability in Golang...

5.3CVSS7.2AI score0.00817EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/27 3:10 p.m.100 views

Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7CVSS6.6AI score0.00273EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/06/25 6:15 p.m.107 views

CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

7.5CVSS6.8AI score0.01584EPSS
Exploits1References4
Rows per page
Query Builder