Lucene search
K

9178 matches found

Code423n4
Code423n4
added 2023/05/11 12:0 a.m.11 views

Integer Overflow/Underflow in function fundTreasury.

Lines of code Vulnerability details Impact fundTreasury function in the GrantFund.sol contract is vulnerable to integer overflow if the value of treasury variable is close to the maximum value of a uint256 integer, which is 2^256-1, and a large value of fundingAmount is added to it. It is possibl...

7AI score
Exploits0
Ubuntu
Ubuntu
added 2023/05/10 5:2 p.m.96 views

USN-6072-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

7.8CVSS7.3AI score0.0788EPSS
Exploits16
Ubuntu
Ubuntu
added 2023/05/10 3:11 p.m.86 views

USN-6071-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

7.8CVSS7.2AI score0.0788EPSS
Exploits18
CVE
CVE
added 2023/05/10 12:0 a.m.72 views

CVE-2023-25568

CVE-2023-25568 affects Boxo (formerly go-libipfs) Bitswap/server. In Boxo versions 0.4.0 and 0.5.0, an attacker can allocate unbounded bytes in the Bitswap server, with allocations persisting after the connection closes, impacting users accepting untrusted connections and users importing old bits...

8.2CVSS7.7AI score0.00856EPSS
Exploits0References4Affected Software1
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.13 views

Mitigation of M-07: Issue not mitigated

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-07: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings765 Comments While the principal issue for M-07 described a de-peg scenario, which eventually was interpreted as a "black swan" event, I do think the...

6.7AI score
Exploits0
Fedora
Fedora
added 2023/05/07 1:24 a.m.13 views

[SECURITY] Fedora 38 Update: rust-rpm-sequoia-1.4.0-2.fc38

An implementation of the RPM PGP interface using Sequoia...

7.5CVSS7.1AI score0.01121EPSS
Exploits1
OSV
OSV
added 2023/05/05 10:14 a.m.9 views

USN-6057-1 linux-intel-iotg vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the OverlayFS...

7.8CVSS6.9AI score0.0788EPSS
Exploits15References11
Microsoft CVE
Microsoft CVE
added 2023/05/05 7:0 a.m.35 views

Chromium: CVE-2023-2462 Inappropriate implementation in Prompts

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6AI score0.00801EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/05/05 7:0 a.m.39 views

Chromium: CVE-2023-2459 Inappropriate implementation in Prompts

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS7.2AI score0.00968EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/05/05 7:0 a.m.37 views

Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6AI score0.00801EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/05/05 7:0 a.m.31 views

Chromium: CVE-2023-2465 Inappropriate implementation in CORS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6AI score0.00966EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/05/05 12:0 a.m.31 views

Debian DSA-5398-1 : chromium - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5398 advisory. - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML...

8.8CVSS7.2AI score0.00968EPSS
Exploits0References24
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.7 views

StrategyBase.underlyingToShares() cannot be overridden to intended mutability

Lines of code Vulnerability details Impact An implementation of underlyingToShares, as inherited from StrategyBase.sol, cannot contrary to intentions make state modifications. This implies that StrategyBase.sol may become useless as a base contract to inherit from. Proof of Concept StrategyBase.s...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.12 views

Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation.

Lines of code Vulnerability details Impact Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation. Proof of Concept Let's take a look at the following code snippet from StrategyManagerslashQueuedWithdrawal. // keeps track of the index in the indicesToSkip array...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.12 views

StrategyBase.sharesToUnderlying() cannot be overridden to intended mutability

Lines of code Vulnerability details Impact An implementation of sharesToUnderlying, as inherited from StrategyBase.sol, cannot contrary to intentions make state modifications. This implies that StrategyBase.sol may become useless as a base contract to inherit from. Proof of Concept StrategyBase.s...

6.8AI score
Exploits0
Prion
Prion
added 2023/05/03 1:15 p.m.23 views

Input validation

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

5.8CVSS8.6AI score0.00332EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/03 12:33 p.m.13 views

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

7.1CVSS8.8AI score0.00332EPSS
Exploits0References1
NVD
NVD
added 2023/05/03 12:15 a.m.23 views

CVE-2023-2464

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS4.8AI score0.00645EPSS
Exploits0References7
NVD
NVD
added 2023/05/03 12:15 a.m.17 views

CVE-2023-2466

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. Chromium security severity: Low...

4.3CVSS4.6AI score0.00801EPSS
Exploits0References7
OSV
OSV
added 2023/05/03 12:15 a.m.24 views

CVE-2023-2463

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5AI score
Exploits0References7
Rows per page
Query Builder