132 matches found

Code423n4
added 2021/12/18 12:0 a.m., 10 views

_mint721() function can be broken because of strict equality check on token balance

Handle jayjonah8 Vulnerability details Impact In NFTXMarketplaceZap.sol the mint721 function has a require check that the balance must be equal to the amount of vault tokens in the contract. uint256 balance = (count * BASE) - (count * INFTXVault(vault).mintFee()); require(balance ==...

6.9 AI score
Exploits: 0
Code423n4
added 2021/12/18 12:0 a.m., 11 views

NFTXMarketplaceZap Performs A Dangerous Equality Check Which Can Brick Contract

Handle leastwood Vulnerability details Impact NFTXMarketplaceZap provides an interface for users to interact with NFTX vaults by buying, selling and swapping ERC1155/ERC721 tokens. The mint721 and mint1155 functions perform strict equality checks on the vaults token balance for the...

7 AI score
Exploits: 0
Code423n4
added 2021/12/18 12:0 a.m., 12 views

NFTXStakingZap Performs A Dangerous Equality Check Which Can Brick Contract

Handle leastwood Vulnerability details Impact NFTXStakingZap provides an interface for users to interact with NFTX vaults by adding ERC1155/ERC721 tokens as liquidity. The addLiquidity721WETH and addLiquidity1155WETH functions perform strict equality checks on the vaults balance for the...

7 AI score
Exploits: 0
OSV
added 2021/09/01 6:15 p.m., 45 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

9.8 CVSS, 9.4 AI score
Exploits: 0, References: 3
AlpineLinux
added 2021/09/01 5:30 p.m., 38 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

9.8 CVSS, 7.6 AI score, 0.02293 EPSS
Exploits: 2, References: 3
CNNVD
added 2021/05/28 12:0 a.m., 4 views

Cesanta MJS Buffer Error Vulnerability

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parseequality in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

5.5 CVSS, 5.7 AI score, 0.00823 EPSS
Exploits: 1, References: 1
Malwarebytes
added 2021/03/08 12:50 p.m., 38 views

International Women’s Day: Women in tech name their heroes

Happy Monday! And if you haven’t yet checked the significance of this day—March 8—before grabbing coffee, today is International Women’s Day IWD. Since March 19, 1911, the year the very first IWD was observed in several European countries, millions of people have been calling for women to be give...

7.3 AI score
Exploits: 0
CNNVD
added 2020/12/31 12:0 a.m., 4 views

Rust Security Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in sodiumoxide crate for Rust versions prior to 0.2.5, which stems from generichash::Digest::eq comparing itself and thus has degenerate security properties. No details of the...

9.8 CVSS, 5.8 AI score, 0.01484 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2020/12/09 12:0 a.m., 14 views

SUSE SLES12 Security Update : openldap2 (SUSE-SU-2020:3315-1)

This update for openldap2 fixes the following issues : CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules bsc1178387. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE securit...

7.5 CVSS, 7.4 AI score, 0.02183 EPSS
Exploits: 0, References: 4
Akamai Blog
added 2020/12/01 1:0 p.m., 39 views

Akamai Foundation and Employee Resource Groups Unite

Written by Kara DiGiacomo, Executive Director, Akamai Foundation and Marco Irizarry, Global Manager, Diversity, Inclusion and Social Responsibility On Giving Tuesday, we celebrate joining others in a global movement to give, collaborate, and transform communities and the world. As we think about h...

0.6 AI score
Exploits: 0
Akamai Blog
added 2020/11/18 5:30 p.m., 30 views

Toward Inclusive Language in Software

Akamai opposes racism in all its forms and is committed to providing an inclusive, fair, and respectful environment for both our customers and our employees. As part of this commitment, we are joining other technology-industry leaders in removing biased, oppressive, and racially insensitive...

0.2 AI score
Exploits: 0
OSV
added 2020/11/12 3:12 p.m., 8 views

SUSE-SU-2020:3315-1 Security update for openldap2

This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules bsc1178387...

7.5 CVSS, 7.5 AI score, 0.02183 EPSS
Exploits: 0, References: 3
OSV
added 2020/11/11 11:28 a.m., 6 views

SUSE-SU-2020:14541-1 Security update for openldap2

This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules bsc1178387...

7.5 CVSS, 7.5 AI score, 0.02183 EPSS
Exploits: 0, References: 3
Microsoft CVE
added 2020/09/25 7:0 a.m., 4 views

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

...

9.8 CVSS, 9.6 AI score, 0.10715 EPSS
Exploits: 0
RedHat Linux
added 2020/08/10 3:17 p.m., 1 views

OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3 CVSS, 6.7 AI score, 0.04044 EPSS
Exploits: 0, References: 4
Trend Micro Simply Security
added 2020/06/05 5:14 a.m., 27 views

Message from Eva Chen – as a human being, not a CEO: We need to speak out and act against racism

I would like to express my outrage over the brutal killings of George Floyd, Breonna Taylor, and Ahmaud Arbery – not as the CEO of an international company, but as a human being and a citizen of the world. It makes me very sad, but also intensely frustrated and angry to realize how little is bein...

0.5 AI score
Exploits: 0
Wired Threat Level
added 2019/11/09 2:43 a.m., 88 views

How Do We Bring Equality to Data Ownership and Usage?

Computational biologist Laura Boykin says scientists are “asleep at the wheel”; activist Malkia Devich-Cyril says citizens also need to pressure technology companies to change...

3.3 AI score
Exploits: 0
Kitploit
added 2019/10/23 9:8 p.m., 97 views

Slither v0.6.7 - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

7.6 AI score
Exploits: 0, References: 65
Akamai Blog
added 2019/08/28 1:10 p.m., 45 views

Increasing Female Leadership in Technology

The lack of women in technology is a well-documented issue. In the United States, women account for only about 25% of computer and mathematical occupations, and only about 16% of engineering jobs. Worse still, women hold only 5% of leadership positions in the tech industry. Clearly the industry h...

7.3 AI score
Exploits: 0
RedHat Linux
added 2019/08/27 11:12 a.m., 113 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

9.8 CVSS, 7.2 AI score, 0.10715 EPSS
Exploits: 0, References: 2