Lucene search
K

216 matches found

Code423n4
Code423n4
added 2022/10/23 12:0 a.m.23 views

LBPair swap() can be front-runned, a malicious attacker can call swap with higher gas than a user, getting the user swap amount transferred to the attacker address

Lines of code Vulnerability details Impact In the LBPair.sol contract, when a user calls swap after transferring tokens to the Pair, a malicious attacker can front-run that tx then call swap on the same pair with the parameter to changed to an malicious address of his choice, paying a higher gass...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/27 12:0 a.m.13 views

Users can regain gobblers they use to mint Legendary Gobbler with.

Lines of code Vulnerability details Impact Users can mint legendary gobblers without actually burning their gobblers by using the GobblersERC721.approve function to approve themselves before minting their legendary gobbler the burn mechanism, doesn't delete the getApproved approved entry for that...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/01 12:0 a.m.6 views

PT-2022-23487 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.97 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are located at the /dede/co do.php endpoint via the dopost, rpok, and aid parameters. Recommendations: For DedeCMS...

6.1CVSS6.3AI score0.0051EPSS
Exploits1References4
NVD
NVD
added 2022/08/24 4:15 p.m.22 views

CVE-2021-4159

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...

4.4CVSS0.00236EPSS
Exploits0References5
OSV
OSV
added 2022/08/24 4:15 p.m.8 views

CVE-2021-4159

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...

4.4CVSS7.6AI score0.00236EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.6 views

PT-2022-15845 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A stack-based buffer overflow issue exists in the confsrv confctl set app language functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffe...

9.8CVSS8.6AI score0.01096EPSS
Exploits1References3
wpexploit
wpexploit
added 2022/07/07 12:0 a.m.220 views

Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. To make it easier to verify the vulnerability without the nee...

6.1CVSS6.1AI score0.00922EPSS
Exploits2
CVE
CVE
added 2022/05/05 12:0 a.m.472 views

CVE-2022-24903

CVE-2022-24903 affects rsyslog TCP syslog reception modules, where heap-based overflow can occur when octet-counted framing is enabled. The root cause is that during parsing the octet count, digits are written to a heap buffer even if the count exceeds the maximum, allowing memory overrun; once t...

8.1CVSS8.7AI score0.03821EPSS
Exploits0References6Affected Software1
The Hacker News
The Hacker News
added 2022/04/28 5:41 a.m.3442 views

U.S. Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities

Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. That's according to a "Top Routinely Exploited Vulnerabilities" report released ...

10CVSS1.7AI score0.99999EPSS
Exploits72
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.24 views

Slackware: Security Advisory (SSA:2021-143-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.2AI score0.19433EPSS
Exploits1References3
CNVD
CNVD
added 2022/02/10 12:0 a.m.41 views

Linux kernel information disclosure vulnerability (CNVD-2022-13356)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an information disclosure vulnerability that stems from a vulnerability found in the Linux kernel's eBPF validation program when dealing with...

5.5CVSS5.7AI score0.00255EPSS
Exploits0References1
Prion
Prion
added 2022/02/04 11:15 p.m.25 views

Memory corruption

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...

2.1CVSS5.1AI score0.00255EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/02/04 12:0 a.m.132 views

CVE-2022-0264

CVE-2022-0264 : The Linux kernel eBPF verifier has a vulnerability in how it handles internal data structures, allowing leakage of internal kernel memory to userspace when eBPF code is inserted into the kernel. A local attacker with insertion privileges could exploit this to access kernel memory ...

5.5CVSS5.7AI score0.00255EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/14 12:0 a.m.27 views

Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (2021:3807)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:3807-1 advisory. - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Note that Nessus has not tested for this issue but has...

6.5CVSS6.8AI score0.01349EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2021/09/22 7:16 p.m.93 views

MSHTML attack targets Russian state rocket centre and interior ministry

Malwarebytes has reason to believe that the MSHTML vulnerability listed under CVE-2021-40444 is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations. The first template we found is designe...

6.8CVSS0.96843EPSS
Exploits38
Redos
Redos
added 2021/09/08 12:0 a.m.12 views

ROS-2-1589

2.1589 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

10CVSS8.1AI score0.06132EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.16 views

ROS-2-1754

2.1754 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.7CVSS9.9AI score0.52838EPSS
Exploits10
Redos
Redos
added 2021/09/08 12:0 a.m.14 views

ROS-2-1618

2.1618 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

9.8CVSS7.9AI score0.05984EPSS
Exploits0
Redos
Redos
added 2021/09/08 12:0 a.m.5 views

ROS-2-2053

2.2053 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

10CVSS8.5AI score0.05984EPSS
Exploits0
Redos
Redos
added 2021/09/08 12:0 a.m.9 views

ROS-2-1820

2.1820 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

9.8CVSS8AI score0.03636EPSS
Exploits8
Rows per page
Query Builder