4421 matches found

Code423n4
added 2023/03/15 12:00 a.m., 9 views

Users can't withdraw S1 or S2 Citizens if no timelockEndTime is associated with it

Lines of code Vulnerability details Impact Users can't withdraw S1 or S2 Citizens if no timelockEndTime is associated with it. As the same logic is applied in the withdrawLP function, this is not intended behavior. Currently, there are no allowances for a S1 or S2 Citizen to withdraw their asset i...

AI score 6.7
Exploits: 0
Code423n4
added 2023/03/15 12:00 a.m., 15 views

Lack of a contract existence check may lead to undesired behavior

Lines of code Vulnerability details Impact The functions NeoTokyoStaker.assetTransferFrom and NeoTokyoStaker.assetTransfer are both used as helper functions to perform low level calls, both functions revert if the low-level call fails, but no checks are made if the contract that's being called...

AI score 6.7
Exploits: 0
OSV
added 2023/03/14 3:30 a.m., 17 views

GHSA-3XMP-JWRR-8F4R ONOS vulnerable to reflected cross-site scripting

A cross-site scripting XSS vulnerability in Open Network Operating System ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter of the API documentation dashboard under info contact URL...

CVSS 6.1, AI score 5.8, EPSS 0.00623
Exploits: 1, References: 6
NVD
added 2023/03/14 1:15 a.m., 12 views

CVE-2023-24279

A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

CVSS 6.1, AI score 5.9, EPSS 0.00623
Exploits: 1, References: 3
Prion
added 2023/03/14 1:15 a.m., 15 views

Cross-site scripting

A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

CVSS 5.8, AI score 5.9, EPSS 0.00623
Exploits: 1, References: 3, Affected software: 1
Vulnrichment
added 2023/03/14 12:00 a.m., 9 views

CVE-2023-24279

A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

AI score 5.9, EPSS 0.00623
Exploits: 1, References: 3
Cvelist
added 2023/03/14 12:00 a.m., 21 views

CVE-2023-24279

A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

AI score 6, EPSS 0.00623
Exploits: 1, References: 3
RedHat Linux
added 2023/03/07 9:43 a.m., 33 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.30 security update

Red Hat OpenShift Container Platform release 4.11.30 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, whic...

CVSS 5.3, AI score 6.7, EPSS 0.05623
Exploits: 0, References: 10
IBM Security Bulletins
added 2023/03/06 10:12 a.m., 23 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands may be vulnerable to cross-site scripting due to IBM X-Force ID 239963

Summary IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands did not set the Content Source Policy CSP header "object-src". This may allow injection of arbitrary code into the Web UI. This bulletin provides patch information to address the reported vulnerability...

AI score 6.7
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2023/03/03 3:29 p.m., 44 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-43548 in Node.js

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-43548 in Node.js with details below. Vulnerability Details CVEID:CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an...

CVSS 8.1, AI score 8.3, EPSS 0.14024
Exploits: 0, Affected software: 2
IBM Security Bulletins
added 2023/03/03 3:05 p.m., 39 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-25927]

Summary Node.js module ua-parser-js is used by IBM App Connect Enterprise Certified Container DesignerAuthoring instances. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the...

CVSS 7.5, AI score 6.2, EPSS 0.01725
Exploits: 2, Affected software: 1
OSV
added 2023/03/01 8:15 a.m., 2 views

CVE-2023-0953

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources...

CVSS 8.8, AI score 5.8, EPSS 0.01032
Exploits: 0, References: 1
IBM Security Bulletins
added 2023/02/27 8:37 p.m., 34 views

Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)

Summary The IBM Cloud Platform Common Services Events Operator is potentially vulnerable to a data integrity issue Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly...

CVSS 7.5, AI score 7.4, EPSS 0.17611
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2023/02/27 8:37 p.m., 98 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Apache Log4j CVE-2021-45046

Summary Automation Assets in IBM Cloud Pak for integration is vulnerable to CVE-2021-45046 with details below. Vulnerability Details CVEID:CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default...

CVSS 10, AI score 9.7, EPSS 0.99999
Exploits: 349, Affected software: 1
Rapid7 Blog
added 2023/02/24 8:08 p.m., 50 views

Metasploit Wrap-Up

Basic discover script improvements This week two improvements were made to the script/resource/basicdiscovery.rc resource script. The first update from community member samsepi0x0 allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 improved the...

AI score 8.8, EPSS 0.97653
Exploits: 21
Code423n4
added 2023/02/24 12:00 a.m., 13 views

changeRewardSpeed function at the MultiRewardStaking contract is incorrectly implemented and can leave the staking of a token on a denial of service state (copy)

Lines of code Vulnerability details Impact The changeRewardSpeed function from the MultiRewardStaking.sol contract lacks documentation on how exactly it should work. By its name and some comments above it, I infer that the function must change the rate of tokens rewards per unit of time. For...

AI score 6.6
Exploits: 0
RedHat Linux
added 2023/02/22 11:49 p.m., 62 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.56 security update

Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...

CVSS 7.5, AI score 6.6, EPSS 0.017
Exploits: 0, References: 9
Cvelist
added 2023/02/22 1:42 p.m., 16 views

CVE-2023-0953

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources...

AI score 8.7, EPSS 0.01032
Exploits: 0, References: 1
CVE
added 2023/02/22 1:42 p.m., 48 views

CVE-2023-0953

The CVE concerns Devolutions Server (version 2022.3.12 and earlier). The root cause is insufficient input sanitization in the documentation feature, enabling an authenticated attacker to perform an SQL Injection and potentially access system resources. Impact is described as high (C/H/I/A), with ...

CVSS 8.8, AI score 8.4, EPSS 0.01032
Exploits: 0, References: 1, Affected software: 1
OSV
added 2023/02/22 12:04 a.m., 20 views

GHSA-8MFQ-F5WJ-VW5M Nautobot vulnerable to remote code execution via Jinja2 template rendering

Impact What kind of vulnerability is it? Who is impacted? All users of Nautobot versions earlier than 1.5.7 are impacted. In Nautobot 1.5.7 we have enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: - extras.ComputedFiel...

CVSS 7.7, AI score 9, EPSS 0.01526
Exploits: 0, References: 7