Lucene search
K

226 matches found

CVE
CVE
added 2024/04/25 5:41 p.m.65 views

CVE-2024-32647

Vyper vulnerability CVE-2024-32647 concerns the create_from_blueprint builtin prior to version 0.3.11. The root cause is that the _build_create_IR path does not cache the args parameter on the stack when raw_args=True and args have side-effects, allowing the argument to be evaluated multiple time...

5.3CVSS6.8AI score0.00451EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/25 5:21 p.m.26 views

CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3CVSS7.1AI score0.00451EPSS
Exploits0References1
CVE
CVE
added 2024/04/25 5:21 p.m.75 views

CVE-2024-32646

Vyper CVE-2024-32646 affects the Pythonic smart contract language. The vulnerability concerns the builtin slice when the buffer is msg.data, self.code, or .code and either the start or length has side-effects, causing a double evaluation of those side-effects. It is triggerable only in versions e...

5.3CVSS7AI score0.00451EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.5 views

PT-2024-24742 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: The issue arises from using the sqrt builtin in Vyper, which can result in a double eval vulnerability when the argument has side-effects. This occurs because the build IR function of the sqrt...

5.3CVSS6.9AI score0.00451EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.11 views

PT-2024-24739 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. The...

5.3CVSS7.2AI score0.00451EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.9 views

PT-2024-24740 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: Using the create from blueprint builtin can result in a double eval vulnerability when raw args=True and the args argument has side-effects. The build create IR function of the create from blueprin...

5.3CVSS7AI score0.00451EPSS
Exploits0References8
0day.today
0day.today
added 2024/03/02 12:0 a.m.502 views

BoidCMS 2.0.0 Command Injection Exploit

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. This module requires Metasploit:...

8.8CVSS7.1AI score0.69003EPSS
Exploits8
0day.today
0day.today
added 2024/01/24 12:0 a.m.313 views

Saltstack Minion Payload Deployer Exploit

This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected default all. Currently only works against nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2024/01/17 7:50 p.m.197 views

Ansible Agent Payload Deployer

This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected default all. Module Options msf use exploit/linux/local/ansiblenodedeployer msf...

7AI score
Exploits0
0day.today
0day.today
added 2023/11/28 12:0 a.m.429 views

WordPress Royal Elementor Addons Remote Code Execution Exploit

Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin...

9.8CVSS9.6AI score0.81695EPSS
Exploits18
Packet Storm
Packet Storm
added 2023/09/06 12:0 a.m.351 views

SolarView Compact 6.00 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SolarView Compact unauthenticated remote command execution vulnerability.', 'Description' = %q CONTEC's SolarView™ Series enables you to monitor...

9.8CVSS7.1AI score0.99273EPSS
Exploits9
Veracode
Veracode
added 2023/09/05 5:3 p.m.17 views

Incorrect Control Flow Implementation

vyper is vulnerable to Incorrect Control Flow Implementation. The vulnerability exists in functions.py due to incorrect implementation of operations causing side effects which allows an attacker to perform unauthorized actions...

5.3CVSS6.7AI score0.00418EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/09/04 6:15 p.m.73 views

CVE-2023-41052

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

5.3CVSS4.6AI score0.00455EPSS
Exploits1References2
NVD
NVD
added 2023/09/04 6:15 p.m.59 views

CVE-2023-40015

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

5.3CVSS4.4AI score0.00418EPSS
Exploits1References1
OSV
OSV
added 2023/09/04 6:15 p.m.39 views

PYSEC-2023-168

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

5.3CVSS7.1AI score0.00455EPSS
Exploits1References2
PyPA
PyPA
added 2023/09/04 6:15 p.m.9 views

PYSEC-2023-168

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

5.3CVSS6.6AI score0.00455EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/09/04 6:15 p.m.50 views

PYSEC-2023-167

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

5.3CVSS6.7AI score0.00418EPSS
Exploits1References1
PyPA
PyPA
added 2023/09/04 6:15 p.m.10 views

PYSEC-2023-167

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

5.3CVSS6.8AI score0.00418EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/09/04 6:15 p.m.101 views

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

5CVSS5.1AI score0.00418EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/04 5:39 p.m.9 views

CVE-2023-40015 Vyper: reversed order of side effects for some operations

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

3.7CVSS6.4AI score0.00418EPSS
Exploits1References1
Rows per page
Query Builder