Reentrancy in depositBribeERC20
Lines of code Vulnerability details Description The contract was found vulnerable to a reentrancy attack. It was noticed that the function depositBribeERC20 makes an external call to another untrusted address or contract before it resolves any effects at line "" If the attacker controls the...
Cross-site Scripting (XSS)
Kibana is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the index pattern, allowing an attacker to inject a maliciously crafted script via the index pattern...
EulerOS Virtualization 3.0.6.6 : cpio (EulerOS-SA-2022-1114)
According to the versions of the cpio package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via...
Code injection
PAN-OS software provides options to exclude specific websites from URL category enforcement; those websites are blocked or allowed depending on your rules regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) i...
CVE-2022-0011
CVE-2022-0011 affects PAN-OS and Prisma Access: URL Category Exceptions can match more URLs than intended when hostname patterns lack a trailing slash or end with an asterisk, or end with a caret for TLDs. This can cause unintended blocks or allow traffic that should be restricted. Affected behav...
Potential Re-entrancy Attack via ETH or ERC777 Token Transfer
Lines of code Vulnerability details Impact The CEI (checks-effects-interactions) pattern is not being implemented properly in the claimRewards function of ConcurRewardPool.sol. function claimRewards(address[] calldata tokens) external override { for (uint256 i = 0; i < tokens.length; i++) { uint256 getting = reward[msg.sender][tokens[i]];...
Potential for reentrancy on USDMPegRecovery.sol:withdraw()
Lines of code Vulnerability details Impact Re-entrancy Proof of Concept File: USDMPegRecovery.sol 110: function withdrawLiquidity(Liquidity calldata withdrawal) external { 111: Liquidity memory total = totalLiquidity; 112: Liquidity memory user = userLiquidity[msg.sender]; 113: if (withdrawal.usdm > 0) { 114:...
Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)
Summary The Apache Log4j library used by IBM Tivoli Netcool Impact is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105, CVE-2021-45046. The library is used by IBM Tivoli Netcool Impact to provide logging functionality. The fix includes Apache Log4j...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-45105 and CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Client, which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is no...
CVE-2021-44403
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability...
RHEL 7 : java-1.8.0-openjdk (RHSA-2022:0306)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0306 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
RHEL 8 : java-1.8.0-openjdk (RHSA-2022:0307)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0307 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
RHEL 8 : java-1.8.0-openjdk (RHSA-2022:0304)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0304 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
Security Bulletin: Vulnerability in Apache Log4j - CVE-2021-45046 may affect IBM Watson Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Apache Log4j - CVE-2021-45046 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to detai...
USN-5064-2: GNU cpio vulnerability
USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to cras...
USN-5064-2 cpio vulnerability
USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to cras...
Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...