Lucene search
K

47 matches found

Code423n4
Code423n4
added 2023/06/14 12:0 a.m.8 views

NATIVE TOKENS TRANSFERRED TO THE LlamaAccount CONTRACT CAN GET STUCK

Lines of code Vulnerability details Impact In the LlamaAccount contract there is a payable recieve to receive native tokens as shown below: receive external payable Hence this contrat accepts native tokens sent to this. But the problem is if any amount of native token is sent to this contract via...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/30 12:0 a.m.19 views

Reentrancy guard in rageQuit() can be bypassed

Lines of code Vulnerability details Reentrancy guard in rageQuit can be bypassed The reentrancy guard present in the rageQuit function can be bypassed by host accounts, leading to reentrancy attack vectors and loss of funds. Impact The new rageQuit function can be used by party members to exit...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/20 12:0 a.m.7 views

PT-2023-15132 · Unknown +1 · Gns3 Dynamips +1

Name of the Vulnerable Software and Affected Versions: GNS3 dynamips version 0.2.21 Description: The issue is related to the use of an uninitialized variable in the function gen eth recv in GNS3 dynamips. This could potentially lead to unpredictable behavior or errors. Recommendations: For GNS3...

7.5CVSS6.9AI score0.00858EPSS
Exploits1References8
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.10 views

Upgraded Q -> M from 94 [1666365598508]

Judge has assessed an item in Issue 94 as Medium risk. The relevant finding follows: L-04 payEther should use .call instead of .transfer Use of .transfer is no longer encouraged, as it may fail if the receiver has any logic in their receive function, due to the 2300 gas consumption limit. --- The...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/17 12:0 a.m.12 views

receive function is unrestricted

Lines of code Vulnerability details Impact The receive function has not placed any restriction which means if any user accidentally sends any ETH to this contract then it is permanently freezed until timelock decides to release it by creating and approving a new transaction on timelock which...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.10 views

dangerous receive function

Lines of code Vulnerability details the receive function doesn't check the msg.sender is supposed to pay, risking someone to accidentally sending ether and losing it. --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/05/26 12:0 a.m.9 views

The function liquidateDai() fails

Handle s1m0 Vulnerability details Impact liquidateDai try to swap DAI to ETH through uniswap using swapExactTokenForETH. Before calling swapExactTokenForETH the smart contract should approve uniswap router to use amount of DAI. Also as for documentation If the to address is a smart contract, it...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/03/04 12:0 a.m.3 views

PT-2021-7754 · Stb +3 · Stb +3

Name of the Vulnerable Software and Affected Versions: stb versions 2.26 Description: The issue is related to a buffer overflow vulnerability in the stbi extend receive function of the stb image.h component in the stb library for C/C++. This vulnerability can be exploited by a remote attacker usi...

9.3CVSS6.2AI score0.02069EPSS
Exploits6References77
Veracode
Veracode
added 2019/05/02 5:6 a.m.39 views

Weak Authentication

The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...

7.5CVSS5.9AI score0.7809EPSS
Exploits4References23Affected Software1
CNVD
CNVD
added 2018/10/12 12:0 a.m.2 views

QEMU 'rtl8139_do_receive' function buffer overflow vulnerability

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A buffer overflow vulnerability exists in the 'rtl8139doreceive' function of the hw/net/rtl8139.c file in QEMU, which stems from the program...

7.5CVSS7.5AI score0.06169EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/08 12:0 a.m.1 views

CCN-lite memory leak vulnerability (CNVD-2018-03676)

CCN-lite is a lightweight and functionally interoperable implementation of the CCNx protocol for XEROX PARC. A memory leak vulnerability exists in the ccnlappRX function in ccnl-uapi.c in versions of CCN-lite prior to 2.0.0. An attacker could cause a denial of service memory consumption by...

7.5CVSS6.7AI score0.01377EPSS
Exploits0References1
seebug.org
seebug.org
added 2016/11/25 12:0 a.m.23 views

uSQLite 1.0.0 buffer overflow vulnerability

Vulnerability reproduction uSQLite is SQLite a network package tool 它有一个Server工具uSQLiteServer.exe open will open the 3002 port is responsible for processing connected to the case, in the received data, when receiving a malformed data, since the data is not to judge, so because of the sprintf...

8.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.5 views

The vulnerability of the PostgreSQL database management system allows a malicious individual to cause service failures or obtain confidential information.

The PostgreSQL database management system versions 9.2.x up to 9.2.3, 9.1.x up to 9.1.8, 9.0.x up to 9.0.12, 8.4.x up to 8.4.16, and 8.3.x up to 8.3.23 incorrectly handle the enumrecv function in the backend/utils/adt/enum.c interface. This allows authorized users to trigger server failures or...

6.8CVSS7.8AI score0.03592EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/10/13 12:0 a.m.6 views

The vulnerability of the QEMU hardware emulation software allows a hacker to trigger a maintenance failure or execute arbitrary code.

The vulnerability of the ne2000receive function in the QEMU hardware emulation software is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability can allow an attacker acting locally to cause a service failure or execute arbitrary code...

7.2CVSS7.5AI score0.01046EPSS
Exploits0References5Affected Software1
Mageia
Mageia
added 2015/04/15 9:1 a.m.44 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting th...

4.3CVSS6.2AI score0.02219EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/04/13 12:0 a.m.39 views

Mandriva Linux Security Advisory : ntp (MDVSA-2015:202)

Multiple vulnerabilities has been found and corrected in ntp : The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by...

4.3CVSS6.2AI score0.02219EPSS
Exploits0References3
OSV
OSV
added 2015/04/08 10:59 a.m.1 views

DEBIAN-CVE-2015-1798

The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

1.8CVSS6.7AI score0.02219EPSS
Exploits0References1
NVD
NVD
added 2015/04/08 10:59 a.m.19 views

CVE-2015-1798

The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

1.8CVSS7.3AI score0.02219EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2015/04/08 12:0 a.m.31 views

CVE-2015-1798

The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

1.8CVSS6.8AI score0.02219EPSS
Exploits0References3
NVD
NVD
added 2014/12/20 2:59 a.m.15 views

CVE-2014-9296

The receive function in ntpproto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets...

5CVSS6.9AI score0.16161EPSS
Exploits1References19
Rows per page
Query Builder