Lucene search
K

85 matches found

Code423n4
Code423n4
added 2023/05/08 12:0 a.m.13 views

Mitigation of M-07: Issue not mitigated

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-07: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings765 Comments While the principal issue for M-07 described a de-peg scenario, which eventually was interpreted as a "black swan" event, I do think the...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/04/19 12:0 a.m.12 views

CVE-2023-2166

A null pointer dereference issue was found in can protocol in net/can/afcan.c in the Linux before Linux. mlpriv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service...

5.3AI score0.002EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/03/29 1:53 a.m.10 views

SUSE CVE-2023-28859

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...

4.3CVSS9.2AI score0.01034EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.8 views

PT-2022-27053 · Unknown · Browsershot

Name of the Vulnerable Software and Affected Versions: Browsershot version 3.57.2 Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method do...

8.2CVSS8AI score0.00635EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.6 views

PT-2022-27314 · Unknown · Object First Ootbi Beta

Name of the Vulnerable Software and Affected Versions: Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610 Description: An issue was discovered in the management protocol, allowing a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname...

8.8CVSS8.8AI score0.00954EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.2 views

PT-2022-21170 · Parse-Url · Url-Parse

Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 8.1.0 Description: The issue concerns a misinterpretation of input in the parse-url library, where certain HTTP or HTTPS URLs are parsed incorrectly. Specifically, the library may identify the URL's protocol as SSH...

9.4CVSS7.4AI score0.00586EPSS
Exploits1References7
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.15 views

fee-on-transfer underlying can cause problems

Handle 0xsanson Vulnerability details Impact The current implementation doesn't work with fee-on-transfer underlying tokens. Considering that Compound can have these kind of tokens ex. USDT can activate fees, this issue can affect the protocol. The problem arise when transferring tokens, basicall...

6.9AI score
Exploits0
OSV
OSV
added 2021/06/24 2:15 p.m.13 views

CVE-2021-29949

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious...

7.8CVSS7.4AI score
Exploits0References2
OSV
OSV
added 2020/07/26 2:26 p.m.3 views

OPENSUSE-SU-2020:1085-1 Security update for knot

This update for knot fixes the following issues: - CVE-2017-11104: Fixed an improper implementation of TSIG protocol which could have allowed an attacker with a valid key name and algorithm to bypass TSIG authentication boo1047841...

5.9CVSS5.8AI score0.02681EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2020/05/19 12:0 a.m.69 views

powerdns-recursor -- multiple vulnerabilities

PowerDNS Team reports: CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between...

8.8CVSS3.4AI score0.23889EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:58 a.m.42 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Build Forge (CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.5, 1.6, 1.7 that is used by IBM Rational Build Forge. These issues were disclosed as part of the IBM Java SDK updates in October 2014. Vulnerability Details CVEID: CVE-2014-6457 Description: An unspecified...

4.3CVSS0.5AI score0.99999EPSS
Exploits7Affected Software1
Microsoft KB
Microsoft KB
added 2018/04/16 12:0 a.m.4 views

March 22, 2018—KB4088891 (OS Build 15063.994)

March 22, 2018—KB4088891 OS Build 15063.994 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue with a GDI handle leak in the Windows Ribbon control. Addresses issue where,...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/06/15 12:0 a.m.6 views

The vulnerability of the dccp_v6_request_recv_sock function in the net/dccp/ipv6.c file of the Linux kernel allows a attacker to cause a service failure or exert other effects.

The vulnerability of the dccpv6requestrecvsock function in the net/dccp/ipv6.c module of the Linux kernel is related to incorrect data processing. Exploiting this vulnerability could allow an attacker acting locally to cause service failures or other adverse effects due to system calls...

7.3CVSS6.4AI score0.00366EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2017/03/14 12:0 a.m.7 views

PT-2017-1939

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description The issue exists due to insufficient input validation in the SMBv1 protocol of the Microsoft Windows operating system. It allows a remote attacker to execute arbitrary code using...

9.3CVSS9.2AI score0.9923EPSS
Exploits55References67
OSV
OSV
added 2016/02/09 10:2 a.m.11 views

SUSE-SU-2016:0390-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following security issues by updating to 8.0-2.10 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision...

10CVSS7.2AI score0.14714EPSS
Exploits0References13
OSV
OSV
added 2015/07/27 9:53 a.m.23 views

MGASA-2015-0280 Updated java-1.8.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

10CVSS6.6AI score0.9986EPSS
Exploits1References6
OSV
OSV
added 2015/07/05 5:22 p.m.10 views

MGASA-2015-0268 Updated firefox package fixes security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-2722, CVE-2015-2724, CVE-2015-2728, CVE-2015-2733,...

10CVSS7.2AI score0.9986EPSS
Exploits2References16
ATTACKERKB
ATTACKERKB
added 2010/12/06 12:0 a.m.428 views

CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...

7.5CVSS5.5AI score0.08076EPSS
In wildExploits2References8
Positive Technologies
Positive Technologies
added 2010/02/10 12:0 a.m.6 views

PT-2010-2042 · Microsoft · Windows Server 2008 +2

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 Description: A denial of service issue exists due to an error in TCP/IP processing when handling specially crafted TCP packets with a...

7.8CVSS6.2AI score0.67717EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

APOP password recovery vulnerability

Overview POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In its successful attack, the attacker spoofs itself as the mail server, provides challenge...

5.4CVSS9.3AI score0.02423EPSS
Exploits1References35
Rows per page
Query Builder