Lucene search
K

90 matches found

Code423n4
Code423n4
added 2021/05/19 12:0 a.m.3 views

Removing NFT could exceed block size limit

Handle Sherlock Vulnerability details Impact On line 129 it loops over all the NFTs stored in the contract. Although a break statement is included it can cause the transaction to run out of gas in case of an extreme amount of NFTs Proof of Concept N/A Tools Used Hardhat Recommended Mitigation Ste...

6.7AI score
Exploits0
Prion
Prion
added 2021/04/22 8:15 p.m.26 views

Design/Logic Flaw

An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE...

5CVSS5.3AI score0.01003EPSS
Exploits0References1Affected Software2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2019:0054-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7AI score0.02958EPSS
Exploits7References7
OSV
OSV
added 2020/08/06 11:15 p.m.2 views

UBUNTU-CVE-2020-15114

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...

7.7CVSS7.2AI score0.01206EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2020/08/06 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work...

6.5CVSS6.9AI score0.01237EPSS
Exploits0References1
OSV
OSV
added 2020/04/04 12:15 a.m.2 views

CVE-2020-5347

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses...

7.5CVSS7.1AI score0.01044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/03/21 8:11 a.m.130 views

CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network...

7.8CVSS2.9AI score0.05128EPSS
Exploits0References4
Prion
Prion
added 2019/11/26 6:15 p.m.25 views

Code injection

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network...

7.8CVSS7.4AI score0.05128EPSS
Exploits0References11Affected Software2
CVE
CVE
added 2019/11/26 12:0 a.m.442 views

CVE-2019-16201

CVE-2019-16201 affects Ruby’s WEBrick DigestAuth implementations across multiple Ruby branches (up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4). The issue is a regular-expression Denial of Service caused by backtracking in DigestAuth, requiring a WEBrick server exposed to the Internet or a...

7.8CVSS7.6AI score0.05128EPSS
Exploits0References11Affected Software1
UbuntuCve
UbuntuCve
added 2019/11/20 12:0 a.m.155 views

CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network...

7.8CVSS6.6AI score0.05128EPSS
Exploits0References3
CVE
CVE
added 2019/01/16 8:0 p.m.113 views

CVE-2017-3140

CVE-2017-3140 describes an RPZ rule processing error in BIND that can cause named to enter an endless loop when handling a query. Affected BIND versions per sources include 9.9.10, 9.10.5, 9.11.0–9.11.1, 9.9.10-S1, 9.10.5-S1. Public advisories differ on impact to vendor products; F5 notes not aff...

5.9CVSS4.9AI score0.1213EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/10 12:0 a.m.50 views

SUSE SLES12 Security Update : systemd (SUSE-SU-2019:0054-1)

This update for systemd fixes the following issues : Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 bsc1120323: Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability...

7.8CVSS7.5AI score0.02958EPSS
Exploits7References11
NVD
NVD
added 2017/09/05 6:29 p.m.27 views

CVE-2017-2779

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An...

7.8CVSS7.8AI score0.02168EPSS
Exploits2References4
Cvelist
Cvelist
added 2017/09/05 6:0 p.m.24 views

CVE-2017-2779

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An...

7.5CVSS7.9AI score0.02168EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2017/05/31 12:0 a.m.38 views

Debian DSA-3866-1 : strongswan - security update

Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. - CVE-2017-9022 RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a...

7.5CVSS6.9AI score0.02222EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2017/05/30 12:0 a.m.33 views

strongswan -- Denial-of-service vulnerability in the x509 plugin

strongSwan security team reports: ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate...

7.5CVSS1.3AI score0.02222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/02/24 9:18 a.m.36 views

CVE-2017-6214

A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice and tcpspliceread functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely...

7.5CVSS2AI score0.04666EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/11/18 9:47 a.m.32 views

CVE-2016-9372

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects...

5.9CVSS5.6AI score0.0209EPSS
Exploits0References2
OSV
OSV
added 2016/11/17 5:59 a.m.12 views

CVE-2016-9372

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects...

5.9CVSS6.4AI score
Exploits0References5
Packet Storm
Packet Storm
added 2016/11/17 12:0 a.m.44 views

Authenticated WMI Exec Via Powershell

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/powershell' require 'msf/core/post/windows/priv' require 'msf/core/exploit/powershell/dotnet' class MetasploitModule...

0.6AI score
Exploits0
Rows per page
Query Builder