CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Oracle linux•added 2024/05/24 12:0 a.m.•67 views

httpd:2.4 security update

httpd 2.4.37-64.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-64 - Resolves: RHEL-14448 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 2.4.37-63 - modxml2enc: fix media type handling Resolves: RHEL-14321 modhttp2 1.15.7-10 - Resolves: RHEL-29817 -...

7.5CVSS7.5AI score0.9439EPSS

Exploits30

Code423n4•added 2023/08/10 12:0 a.m.•7 views

Misaligned Epoch Calculation for Reward Claims

Lines of code Vulnerability details Impact When users attempt to claim rewards, the contract calculates the claimEnd and subsequently updates the userClaimedEpoch using claimEnd + WEEK. This might result in misaligned epochs in scenarios where claimUpToTimestamp is less than or more than a week. ...

Code423n4•added 2023/07/26 12:0 a.m.•9 views

THIS IS A TEST

Lines of code L1 Vulnerability details TESTING REFACTOR Assessed type Context --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score

Code423n4•added 2023/05/15 12:0 a.m.•10 views

Incorrect decimal handling in _startAuction, resulting in wrong auction.startBidBps

Lines of code Vulnerability details Shortfall.startAuction uses the oracle price of the underlying tokens to price the pool bad debt: Shortfall.sol 389: for uint256 i; i the price returned by priceOracle.getUnderlyingPrice has a number of decimals equal to 36 - vToken decimals. This means the...

6.7AI score

NVD•added 2023/05/10 2:15 p.m.•10 views

CVE-2023-25568

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2CVSS8.2AI score0.01091EPSS

Prion•added 2023/05/10 2:15 p.m.•14 views

Design/Logic Flaw

5CVSS7.5AI score0.01091EPSS

Exploits0References4Affected Software1

Cvelist•added 2023/05/10 12:0 a.m.•10 views

CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak

8.2CVSS8.3AI score0.01091EPSS

Vulnrichment•added 2023/05/10 12:0 a.m.•8 views

CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak

8.2CVSS8.2AI score0.01091EPSS

Code423n4•added 2023/05/08 12:0 a.m.•7 views

Mitigation Confirmed for Mitigation of M-10: Issue mitigated

Mitigated issue M-10: Stuck ether when use function stake with empty derivativesderivativeCount = 0 The issue was that stake will accept payment but not issue safETH when derivativeCount == 0 or when all weightsi == 0. Mitigation review The proposed mitigation simply adds a requirederivativeCount...

Code423n4•added 2023/02/20 12:0 a.m.•9 views

Unnecessary precision loss in redeemKIBT()

Lines of code Vulnerability details Impact Unnecessary precision loss in redeemKIBT Proof of Concept If enter Deprecated mode, user can switch back to StableCoin by percentage with redeemKIBT The redeemKIBT implementation code is as follows: function redeemKIBTuint256 amount external override...

7AI score

SUSE CVE•added 2023/02/15 4:5 a.m.•1 views

SUSE CVE-2019-19807

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to sndtimeropen and sndtimercloselocked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a...

7.8CVSS7.2AI score0.00078EPSS

Exploits1References3

Code423n4•added 2023/02/13 12:0 a.m.•9 views

Deficiency of slashed GGP amount should be made up from node operator's AVAX

Lines of code Vulnerability details Impact If staked GGP doesn't cover slash amount, slashing it all will not be fair to the liquid stakers. Slashing is rare, and that the current 14 day validation cycle which is typically 1/26 of the minimum amount of GGP staked is unlikely to bump into this...

Positive Technologies•added 2023/01/20 12:0 a.m.•4 views

PT-2025-13356

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow issue was detected in the Linux kernel, specifically in the bnxt module, where test names were being concatenated beyond the end of the first name. This issue was...

5.5CVSS6.8AI score0.00017EPSS

Code423n4•added 2022/12/21 12:0 a.m.•7 views

Underlying With Non-Standard Decimals Not Supported

Lines of code Vulnerability details Impact Arithmetic operations are performed with the assumption that the token always has 18 decimals. Proof of Concept It would not be possible without using 18 decimal places of the base capital. Tools Used vscode Recommended Mitigation Steps Consider whether...

Oracle linux•added 2022/11/22 12:0 a.m.•30 views

guestfs-tools security, bug fix, and enhancement update

1.48.2-5 - Rebase to guestfs-tools 1.48.2 resolves: rhbz2059286 - Default to --selinux-relabel in various tools resolves: rhbz2075718, rhbz2089748 - Add lvm system.devices cleanup operation to virt-sysprep resolves: rhbz2072493 - Refactor virt-customize --install, --update options in common...

6.5CVSS1.7AI score0.00196EPSS