Lucene search
K

267 matches found

Debian CVE
Debian CVE
added 2024/04/04 2:46 p.m.23 views

CVE-2024-28871

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...

7.5CVSS7.5AI score0.00841EPSS
Exploits0
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.6 views

Cilium 安全漏洞

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium that stems from the presence of insecure IPsec transport...

8CVSS7.6AI score0.00172EPSS
Exploits0References7
OSV
OSV
added 2024/02/20 3:15 a.m.4 views

CVE-2023-6764

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, and USG20W-VPN series...

8.1CVSS6.3AI score0.00889EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/12/12 5:24 p.m.4 views

golang: crypto/tls: panic when processing post-handshake message on QUIC connections

A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...

7.5CVSS7.3AI score0.01146EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2023/12/06 12:0 a.m.42 views

CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

7.5CVSS6.8AI score0.01137EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/11/29 12:0 a.m.7 views

The vulnerability of the QuickSec IPSec microprogramming software for network devices from Zyxel, including models such as ATP, USG FLEX, USG FLEX50(W), and USG20(W)-VPN, as well as VPN, allows a hacker to cause service interruptions.

The vulnerability of the QuickSec IPSec microprogramming software for network devices from Zyxel, such as ATP, USG FLEX, USG FLEX50W, and USG20W-VPN, related to the possibility of integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sendi...

7.8CVSS7.3AI score0.00881EPSS
Exploits0References2
OSV
OSV
added 2023/11/28 2:15 a.m.4 views

CVE-2023-4398

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series...

7.5CVSS5.8AI score0.00881EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.4 views

PT-2023-7186 · Zyxel · Zyxel Usg Flex Series +5

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series firmware versions 4.32 through 5.37 Zyxel USG FLEX series firmware versions 4.50 through 5.37 Zyxel USG FLEX 50W series firmware versions 4.16 through 5.37 Zyxel USG20W-VPN series firmware versions 4.16 through 5.37 Zyxel VPN...

7.8CVSS7.5AI score0.00881EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/10/04 7:6 p.m.33 views

CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...

8.1CVSS8.2AI score0.00907EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.8 views

Lack of slippage protection for depositRewards() in AfEth.sol makes it susceptible to sandwich attacks

Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx function calls exchangeunderlying of Curve's ETH / CVX pool to buy CVX: VotiumStrategyCore.solL233-L240 ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn 0, 1, ethAmountIn, 0 // this is...

7.1AI score
Exploits0
OSV
OSV
added 2023/09/07 8:15 p.m.2 views

CVE-2023-20193

A vulnerability in the Embedded Service Router ESR of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid...

6.7CVSS6.7AI score0.00185EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.11 views

reserve balances AND reserve balance ratio INVARIANTS ARE NOT CHECKED INSIDE THE _reserveTokenSpecified FUNCTION THUS ENABLING deposit AND withdraw TRANSACTIONS TO BREAK THESE INVARIANTS

Lines of code Vulnerability details Impact The EvolvingProteus.depositGivenInputAmount function is used to calculate the output amount of LP tokens given an input amount of reserve tokens. The EvolvingProteus.withdrawGivenOutputAmount function is used to calculate the amount of LP tokens that mus...

7AI score
Exploits0
OSV
OSV
added 2023/08/25 9:15 p.m.5 views

AZL-34935 CVE-2023-38710 affecting package libreswan for versions less than 4.7-6

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

6.5CVSS6.6AI score0.00691EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.8 views

High - TemporalGovernor.sol - Malicious Governance Propsoals can interact with Metamorphic Contracts resulting in Business Critical Risk to the Protocol

Lines of code Vulnerability details High - TemporalGovernor.sol - Malicious Governance Propsoals can interact with Metamorphic Contracts resulting in Business Critical Risk to the Protocol Impact Due to the permisionless governance execution method, with no ascribed or implemented security...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.11 views

Unsafe delegatecall functionality can break core protocol functionality

Lines of code Vulnerability details Impact There are multiple contracts which include delegatecall functionality, including the execute function of the LlamaAccount contract and the execute function of the LlamaExecutor contract. The issue is that there's no controls, other than the standard role...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.2 views

PT-2023-3130 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a security feature bypass in the implementation of the Remote Desktop Protocol RDP in the Windows operating system, associated with insufficient access restrictions...

7.8CVSS7.7AI score0.01167EPSS
Exploits0References8
OSV
OSV
added 2023/04/18 8:15 p.m.5 views

CVE-2023-21936

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

5.4CVSS6.7AI score0.00376EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/03/30 12:21 p.m.46 views

New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices

A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP...

6.3AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.7 views

An attacker can front-run setMaxPayout() and freeze deposit() and the whole protocol from progressing in epochs.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. When the owner calls setMaxPayout to decrease maxPayout to newMaxPayout, an attacker can front-run it and deposit so that termsepoch.payoutTotal newMaxPayout. This will freeze deposit and the whole...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/03 12:0 a.m.5 views

Vulnerability of the j1939_sessiondestroy() function in the net/can/j1939/transport.c module: a flaw in Linux operating system kernel-based IPsec components, allowing an attacker to cause a service failure.

The vulnerability of the j1939sessiondestroy function in the net/can/j1939/transport.c module is related to incorrect handling of block usage counters in IPsec components of the Linux operating system. Exploiting this vulnerability could allow a remote attacker to cause service failures...

3.5CVSS6.2AI score0.00299EPSS
Exploits0References23Affected Software6
Rows per page
Query Builder