Lucene search
K

220 matches found

Positive Technologies
Positive Technologies
added 2023/03/17 12:0 a.m.1 views

PT-2023-35709 · Git +1 · Mruby

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 1 crash type. The crash state involves several function calls, including mrb str hash m, mrb funcall...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.2 views

PT-2023-35702 · Git +1 · Flac

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write error. Technical details include the crash type being a Heap-buffer-overflow WRITE 4, and the crash...

7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.1 views

PT-2023-35697 · Git +1 · Mruby

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 4 crash type. The crash state involves several function calls, including mrb gc mark, mrb gc mark iv,...

6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/06 6:22 a.m.3 views

Multiple vulnerabilities in PostgreSQL extension module pg_ivm

Overview pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-228...

8.8CVSS7AI score0.00939EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/03/02 12:0 a.m.5 views

XWiki Platform 安全漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that originates from a user being able to infer the contents of a password field through repeated function calls...

7.5CVSS7.3AI score0.00894EPSS
Exploits1References4
Code423n4
Code423n4
added 2023/03/01 12:0 a.m.7 views

Upgraded Q -> 2 from #795 [1677634099280]

Judge has assessed an item in Issue 795 as 2 risk. The relevant finding follows: 04 VALUES OF fees ARE NOT CHECKED IN Vault.initialize FUNCTION When calling the following Vault.initialize function, the values of fees are not checked. It is possible that these fees are set to be above 1e18 when...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.2 views

PT-2023-35600 · Git +1 · Mruby

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 4 crash type. The crash state involves several function calls, including mrb gc mark, mrb gc mark iv,...

6.9AI score
Exploits0References2
Code423n4
Code423n4
added 2023/02/24 12:0 a.m.10 views

Upgraded Q -> 2 from #596 [1677228840417]

Judge has assessed an item in Issue 596 as 2 risk. The relevant finding follows: withdraw and redeem function withdraw IERC4626 vault, address to, uint256 amount, uint256 maxSharesOut public payable virtual override returns uint256 sharesOut ERC20addressvault.safeApproveaddressvault, amount; if...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.2 views

SUSE CVE-2013-1711

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting XSS attack...

4.3CVSS7.9AI score0.02158EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.4 views

SUSE CVE-2021-38297

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used...

6.2CVSS8.8AI score0.10299EPSS
Exploits0References19
Kitploit
Kitploit
added 2023/01/06 11:30 a.m.45 views

DotDumper - An Automatic Unpacker And Logger For DotNet Framework Targeting Files

An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get...

7.1AI score
Exploits0References10
WPVulnDB
WPVulnDB
added 2023/01/06 12:0 a.m.15 views

ContentStudio < 1.2.6 - Unauthorised Function Calls

The plugin does not have authorisation checks in various functions, which could allow unauthenticated users to retrieve arbitrary metadata, including the plugin's token used in other actions like when creating a post...

9.8CVSS4.9AI score0.00952EPSS
Exploits1Affected Software1
OSV
OSV
added 2023/01/03 3:15 a.m.4 views

CVE-2022-43438

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...

8.8CVSS5.8AI score0.00794EPSS
Exploits0References1
OSV
OSV
added 2022/12/25 4:15 a.m.3 views

CVE-2022-45891

Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads Upload2.ashx or access content uploaded by other users View.aspx after Ajax.asmx/SaveGrantAccessList...

9.1CVSS5.8AI score0.00723EPSS
Exploits3References1
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.5 views

A BETTER APPROACH TO REVERTING CODE LINES ON _ADDCOLLATERALTOVAULT() AND _REMOVECOLLATERAL()

Lines of code Vulnerability details Impact In PaperControl.sol, callers would have to deal with function pre-maturely reverting upon encountering an element in collateralArr failing to pass the if statement in the function logic of addCollateralToVault and removeCollateral. The amount of gas wast...

6.7AI score
Exploits0
OSV
OSV
added 2022/12/13 6:30 p.m.33 views

GHSA-VR8J-HGMM-JH9R Denial of service by double-checked locking in openssl-src

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

8.7CVSS6.2AI score0.0123EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/24 12:0 a.m.4 views

PT-2022-25826 · Unknown · Qmpass/Leadshop

Name of the Vulnerable Software and Affected Versions: qmpass/leadshop version 1.4.15 Description: The issue allows an attacker to control the target host by calling any function in leadshop.php via the GET method, potentially leading to remote code execution RCE. This can enable an attacker to...

9.8CVSS8.9AI score0.00936EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2022/11/16 12:0 a.m.4 views

The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird, related to information representation errors in the user interface, allow attackers to perform spear-phishing attacks.

The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow attackers to perform spear-phishing attacks by making a series of pop-up windows and calls to...

9.4CVSS6.9AI score0.0061EPSS
Exploits0References11Affected Software6
Code423n4
Code423n4
added 2022/11/09 12:0 a.m.13 views

Governor ownership can be lost because of not sanity check

Lines of code Vulnerability details Governor ownership can be lost because of no checks Impact Sanity checks are important to not affect reputation / flows and users of the protocol when a mistake is done. 0 address should be checked for important address assignments in this case, only done in th...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/10/21 12:0 a.m.7 views

PT-2022-36696 · Git +1 · Clamav

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including fp cmp mag, crtmgr trust list lookup, an...

6.9AI score
Exploits0References2
Rows per page
Query Builder