Lucene search
9165 matches found

The Hacker News
added 2023/07/12 11:4 a.m. · 28 views

The Risks and Preventions of AI in Business: Safeguarding Against Potential Pitfalls

Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI...

AI score 6.4 · Exploits 0

Code423n4
added 2023/07/10 12:0 a.m. · 10 views

No fee swap is possible through addLiquidity and removeLiquidityImbalanced

Lines of code · Vulnerability details · Impact: Some will not pay swap fees even after the swap fee is added. Proof of concept: This is equivalent to swapping 1000 tokenA to 500 tokenB, but no fee calculation code lies in adding and removing liquidity. Add this test in Well.AddLiquidity.t.sol. function...

AI score 6.9 · Exploits 0

Code423n4
added 2023/07/10 12:0 a.m. · 8 views

Absence of Function calcReserve(...) at src/interfaces/IBeanstalkWellFunction.sol

Lines of code · Vulnerability details · Impact: Absence of Function calcReserve... at src/interfaces/IBeanstalkWellFunction.sol will affect the implementation of the function; the implementation is done in src/functions/ConstantProduct2.sol but the implementation cannot be accessed at...

AI score 6.8 · Exploits 0

Code423n4
added 2023/07/10 12:0 a.m. · 7 views

You can expand your version of well in Aquifer.boreWell() with unpredictable results

Lines of code · Vulnerability details · Impact: boreWell takes an implementation parameter. This parameter is not checked in any way. Thus, the user can pass any of his parameters and expand his well option. This can lead to unpredictable consequences. Proof of Concept: 1. The user creates his own...

AI score 6.9 · Exploits 0

NVD
added 2023/07/06 4:15 p.m. · 48 views

CVE-2023-37260

league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...

CVSS 8.2 · AI score 8.2 · EPSS 0.00783
Exploits 0 · References 3

Veracode
added 2023/07/04 7:41 a.m. · 23 views

Weak Cryptography

github.com/bishopfox/sliver is vulnerable to weak cryptography. The vulnerability exists because it does not properly implement NaCl Box (libsodium), which allows an attacker to execute arbitrary code on implanted devices and intercept user responses...

CVSS 8.1 · AI score 7.5 · EPSS 0.00588
Exploits 0 · References 5 · Affected Software 1

Code423n4
added 2023/07/03 12:0 a.m. · 9 views

[H] Users can lose funds if they call depositEtherToMint

Lines of code · Vulnerability details · Impact: Due to only an interface implementation of function submit in the Lido contract, users will lose funds due to the non-existent implementation. Proof of Concept: The comments in the code suggest that when users deposit ETH, it should be directly deposited into the...

AI score 6.9 · Exploits 0

The Hacker News
added 2023/06/30 9:4 a.m. · 57 views

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were firs...

AI score 6.8 · Exploits 0

OSV
added 2023/06/28 6:15 p.m. · 3 views

CVE-2023-21200

In onremoveisodatapath of btmisoimpl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 5.5 · AI score 5.9
Exploits 0 · References 1

Positive Technologies
added 2023/06/28 12:0 a.m. · 6 views

PT-2023-17969 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: In the xmlParseTryOrFinish function of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution...

CVSS 7.5 · AI score 7.4 · EPSS 0.00455
Exploits 0 · References 4

RustSec
added 2023/06/26 12:0 p.m. · 3 views

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue has several unsoundness issues. First of all, it allows reinterpreting arbitrary bytes as a bool, which can trigger undefined behavior from a safe function. Secondly, it allows transmuting a pointer without taking the memory layout into consideration. The details of...

AI score 7.2 · Exploits 0

The Coalfire Blog
added 2023/06/22 4:23 p.m. · 14 views

How medical device manufacturers can address new FDA cybersecurity guidelines

Advancements in technology in the healthcare industry have made medical devices increasingly vulnerable to cyber attacks. To embed better security practices into the manufacturing and implementation of medical devices, the FDA released a new mandate requiring a comprehensive cybersecurity plan fo...

AI score 7 · Exploits 0

Ubuntu
added 2023/06/22 12:54 p.m. · 78 views

USN-6186-1: Linux kernel vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...

CVSS 7.8 · AI score 7.1 · EPSS 0.16642
Exploits 7

Code423n4
added 2023/06/21 12:0 a.m. · 10 views

M-03 Unmitigated

Lines of code · Vulnerability details · Mitigation of M-03: Issue not mitigated, see comments. Link to Issue: code-423n4/2023-05-ambire-findings16. Comments: The issue is not mitigated. There is an error in the implementation of the mitigation of M-03. See report adriro-MR-M-03-ERROR for details. Assess...

AI score 6.9 · Exploits 0

Ubuntu
added 2023/06/16 8:27 p.m. · 72 views

USN-6175-1: Linux kernel vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...

CVSS 7.8 · AI score 7.1 · EPSS 0.16642
Exploits 7

Ubuntu
added 2023/06/16 7:55 p.m. · 89 views

USN-6173-1: Linux kernel (OEM) vulnerabilities

Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) It was discovered that the...

CVSS 9.8 · AI score 7.1 · EPSS 0.16642
Exploits 2

Github Security Blog
added 2023/06/16 7:40 p.m. · 24 views

@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces

Context: Content Security Policies (CSP) are a defense-in-depth strategy against XSS attacks. Improper application of CSP isn't itself a vulnerability, but it does fail to prevent XSS in the event that there is a viable attack vector for an XSS attack. Impact: There aren't any XSS attack vectors via...

AI score 10
Exploits 0 · References 3 · Affected Software 1

Ubuntu
added 2023/06/14 12:2 p.m. · 72 views

USN-6162-1: Linux kernel (Intel IoTG) vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...

CVSS 7.8 · AI score 7.4 · EPSS 0.16642
Exploits 7

RedhatCVE
added 2023/06/14 9:15 a.m. · 21 views

CVE-2023-24535

A flaw was found in the golang implementation of the protobuf protocol. This issue occurs when parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input, which will cause a panic...

CVSS 7.5 · AI score 7.3 · EPSS 0.01089
Exploits 0 · References 6

Citrix
added 2023/06/12 12:0 a.m. · 7 views

Complete SSO at CWA launch

Once CWA.exe starts, the user is not fully signed in; the user uses SAML to sign in to their local machine. The user will need to interact with CWA (launch a resource or refresh CWA) to complete the authentication, which results in enumeration for new changes for the CWA. How to achieve SSO at CWA.exe at launch s...

AI score 7.1 · Exploits 0