Lucene search
K

91 matches found

CNNVD
CNNVD
added 2024/04/25 12:0 a.m.5 views

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from a default function that does not take into account non-re-entrant keys and does not emit locks...

5.3CVSS6.8AI score0.00415EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.3 views

PT-2024-40174 · Derby · Derby

Name of the Vulnerable Software and Affected Versions: derby affected versions not specified Description: A prototype pollution issue in derby can cause the application to crash if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are...

7.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.6 views

PT-2024-40680 · Git +1 · Quickjs

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash state includes functions such as emit goto, emit class field init, and js parse function...

7AI score
Exploits0References2
OSV
OSV
added 2024/01/25 11:15 p.m.3 views

CVE-2024-21620

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's...

6.1CVSS5.9AI score0.00908EPSS
Exploits0References1
Prion
Prion
added 2023/12/11 11:15 p.m.20 views

Input validation

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. Th...

4.3CVSS6.9AI score0.00267EPSS
Exploits1References3Affected Software2
Vulnrichment
Vulnrichment
added 2023/12/11 10:32 p.m.17 views

CVE-2023-49804 Uptime Kuma Password Change Vulnerability

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. Th...

6.7CVSS6.7AI score0.00263EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.4 views

SUSE CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

4.9CVSS6.4AI score0.01313EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/18 12:0 a.m.4 views

PT-2022-37287 · Git +1 · Bluez

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 4 crash has been reported. The crash involves the following functions: element end, emit end element, and g markup parse...

7AI score
Exploits0References2
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.16 views

Return values not being checked

Lines of code Vulnerability details Return values not being checked Impact Return values not being checked may lead into unexpected behaviors with functions. Not events/Error are being emitted if that fails, so functions would be called even of not being working as expect as for example...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/14 12:0 a.m.6 views

Add max fee in setFee and emit event

Lines of code Vulnerability details Impact Malicious owner can steal all ETH of a sell. Proof of Concept The function setFeeCallyNFT.sol is critical as it set the amount of ETH that the protocol will receive. A malicious owner can set the fee to 1e18 and all ETH after exercise will go to the owne...

6.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/04/15 6:15 p.m.3 views

CVE-2021-44484

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emittrip in srport/emitcode.c allows attackers to crash the application by dereferencing a NULL pointer...

7.5CVSS7.1AI score0.01178EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/15 6:15 p.m.2 views

CVE-2021-44485

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in tripgen in srport/emitcode.c allows attackers to crash the application by dereferencing a NULL pointer...

7.5CVSS7.1AI score0.01178EPSS
Exploits1References2
Code423n4
Code423n4
added 2022/01/31 12:0 a.m.6 views

Timelock for sNOTE.sol:setCoolDownTime()

Handle Dravee Vulnerability details Impact It is a good practice to give time for users to react and adjust to critical changes. Proof of Concept Here, if the cooldown were to be updated by being raised: a user that was falling outside of it might get right back inside the cooldown period at a...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/01/01 12:0 a.m.6 views

PT-2025-8195

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow issue has been identified in the Linux kernel's MMC core, which used the sprintf function for sysfs output. This function is vulnerable to buffer overflow. The issue wa...

8.8CVSS7.4AI score0.0084EPSS
Exploits1References87
Microsoft CVE
Microsoft CVE
added 2021/12/01 8:0 a.m.4 views

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

...

4.9CVSS7AI score0.01313EPSS
Exploits0
OSV
OSV
added 2021/10/22 5:12 p.m.8 views

CLSA-2021-1634922728 Fixed 22 CVEs in kernel

ELS-138: netfilter: xtables: add missing tables zeroing - ELS-138: CVE-2021-33909: seqfile: disallow extremely large seq buffer allocation - ELS-138: CVE-2021-22555: netfilter: xtables: fix compat match/target pad out-of-bound write - ELS-138: CVE-2020-29661: tty: Fix -pgrp locking in tiocspgrp -...

8.3CVSS7AI score0.78684EPSS
Exploits52References1
OSV
OSV
added 2021/09/21 10:1 p.m.14 views

CLSA-2021-1632261664 Fix of CVE: CVE-2021-27364, CVE-2021-27363, CVE-2021-27365

CVE-2021-27365: scsi: iscsi: Ensure sysfs attributes are limited to PAGESIZE - CVE-2021-27365: scsi: iscsi: Verify lengths on passthrough PDUs - CVE-2021-27363: CVE-2021-27364: scsi: iscsi: Restrict sessions and handles to admin capabilities - sysfs: Add sysfsemit and sysfsemitat to format sysfs...

7.8CVSS6.8AI score0.02079EPSS
Exploits3References1
Code423n4
Code423n4
added 2021/07/11 12:0 a.m.9 views

The fallback receiver address could get twice the toSend amount

Handle s1m0 Vulnerability details In that block of code there are 2 external call inside a try/catch statements. In both the catch the toSend amount is transferred to the fallback receiver address effectively transferring twice if the 2 external call fail. Impact In the fulfill function the...

6.9AI score
Exploits0
CNVD
CNVD
added 2021/06/12 12:0 a.m.11 views

Unspecified Vulnerability in JerryScript (CNVD-2021-42992)

JerryScript is a lightweight JavaScript engine . A security vulnerability exists in parseremitcbcbackwardbranch in /home/JerryScript/jerry-core/parser/js/js-parser-util.c in JerryScript version 2.2.0. No details of the vulnerability are provided at this time...

7.5CVSS6.7AI score0.01083EPSS
Exploits1References1
NVD
NVD
added 2021/06/10 11:15 p.m.28 views

CVE-2020-23319

There is an Assertion in 'flags CBCSTACKADJUSTSHIFT = CBCSTACKADJUSTBASE || CBCSTACKADJUSTBASE - flags CBCSTACKADJUSTSHIFT stackdepth' in parseremitcbcbackwardbranch in JerryScript 2.2.0...

7.5CVSS0.01083EPSS
Exploits1References1
Rows per page
Query Builder