6678 matches found
Solmate's ERC20 does not check for token contract's existence
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Not checking for token existence is a know issue for Solmate. This can cause unexpected contract functionality for transfers implemented in the codes. Proof of Concept Provide direct links to all...
Server-Side Request Forgery (SSRF)
arc/web is vulnerable to Server-Side Request Forgery SSRF. A remote attacker is able exploit the SSRF vulnerability to abuse server functionality and access or modify resources via the construct function of src/url/Url.php...
Null pointer dereference
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service DoS attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...
CVE-2023-0122
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service DoS attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...
Sql injection
A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch...
CVE-2023-22316
Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...
CVE-2023-22316
Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...
Design/Logic Flaw
Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...
PT-2023-33391 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.269 Description: The issue concerns a use-after-free in the ip6 fragment function. This problem was introduced in version v4.13 and is fixed in Linux Kernel version v4.19.269. The actual impact and attack...
PT-2023-33425 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.302 Description: The issue concerns a use-after-free in the ip6 fragment function. This problem was introduced in version v4.13 and is fixed in Linux Kernel version v4.14.302. The actual impact and attack...
PT-2023-33576 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.17 Description: The issue is related to the eventfd functionality. A helper function, eventfd signal mask, has been introduced. The actual impact and potential for exploitation have not been confirmed yet...
PT-2023-33585 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.17 Description: The issue is related to the pnode functionality, specifically the termination at peers of the source. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
CVE-2023-22316
Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...
PT-2023-33196 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.83 Description: The issue concerns a use-after-free in the ip6 fragment function. This problem was introduced in version v4.13 and is fixed in Linux Kernel version v5.15.83. The actual impact and attack...
CVE-2023-22316
Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...
CVE-2023-0122
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service DoS attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...
prodigasistemas curupira SQL注入漏洞
curupira is a simple authentication and authorization method from Pródiga Sistemas open source. A SQL injection vulnerability exists in prodigasistemas curupira, which stems from the presence of unknown functionality in the file app/controllers/curupira/passwordscontroller.rb, leading to SQL...
clan7ups SQL注入漏洞
clan7ups is an offshoot of the old Destiny Universal Point System. An SQL injection vulnerability exists in antonbolling clan7ups, which stems from a problem with the unknown functionality of the component Login/Session, leading to SQL injection...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 Exploit Description In Spring Cloud Funct...
PT-2023-10225 · Unknown · Lolfeedback
Name of the Vulnerable Software and Affected Versions: lolfeedback affected versions not specified Description: A critical issue has been found, affecting an unknown functionality, which leads to sql injection. Recommendations: At the moment, there is no information about a newer version that...