Lucene search
+L

168 matches found

Code423n4
Code423n4
added 2021/05/19 12:0 a.m.8 views

Transaction-Order-Dependence race condition for approveTransferERC20()

Handle 0xRajeev Vulnerability details Impact Similar to ERC20 approve being susceptible to double-spend allowance due to front-running, approveTransferERC20 here is also susceptible. For reference, see . This is the classic ERC20 approve race condition where a malicious spender can double-spend...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/05/11 12:0 a.m.12 views

A malicious receiver can cause another receiver to lose out on distributed fees by returning false for tokensReceived when receiveRewards is called on their receiver contract.

Handle janbro Vulnerability details Summary A malicious receiver can cause another receiver to lose out on distributed fees by returning false for tokensReceived when receiveRewards is called on their receiver contract. Risk Rating Medium Vulnerability Details A malicious receiver can cause anoth...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2021/02/05 12:0 a.m.11 views

Electric Coin Company Zcashd Security Breach

Zcash is a decentralized open source data currency. Electric Coin Company Zcashd before 2.1.1-1 suffers from a security vulnerability that allows an attacker to trigger a consensus failure and double spend...

7.5CVSS7.1AI score0.01027EPSS
Exploits0References2
CNVD
CNVD
added 2021/01/08 12:0 a.m.15 views

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis Information Disclosure Vulnerabilities

IBM Emptoris Contract Management is a web-based contract management software for managing and maintaining legal contracts between parties.IBM Emptoris Spend Analysis is a web-based information and management tool that supports organizations in consolidating spend data from dispersed and disparate...

5.3CVSS6AI score0.01578EPSS
Exploits0References1
OSV
OSV
added 2021/01/07 6:15 p.m.3 views

CVE-2020-4897

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...

5.3CVSS6.1AI score0.01578EPSS
Exploits0References3
NVD
NVD
added 2021/01/07 6:15 p.m.22 views

CVE-2020-4897

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...

5.3CVSS4.9AI score0.01578EPSS
Exploits0References3
Prion
Prion
added 2021/01/07 6:15 p.m.11 views

Information disclosure

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...

5CVSS4.8AI score0.01578EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2021/01/07 5:40 p.m.52 views

CVE-2020-4897

CVE-2020-4897 affects IBM Emptoris Contract Management and IBM Emptoris Spend Analysis. The vulnerability arises from verbose application errors that reveal detailed information in browser responses, enabling an attacker to obtain sensitive data and potentially facilitate subsequent attacks. Affe...

5.3CVSS4.8AI score0.01578EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/01/07 5:40 p.m.26 views

CVE-2020-4897

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...

5.3CVSS4.9AI score0.01578EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/01/07 12:0 a.m.7 views

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 安全漏洞

IBM Emptoris Contract Management is a web-based contract management software for managing and maintaining legal contracts between parties.IBM Emptoris Spend Analysis is a web-based information and management tool that supports organizations in consolidating spend data from dispersed and disparate...

5.3CVSS6.1AI score0.01578EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/06 7:30 a.m.12 views

Security Bulletin: Information Disclosure Vulnerability Affects IBM Emptoris Spend Analysis (CVE-2020-4897)

Summary Verbose application errors information disclosure affects IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-4897 DESCRIPTION: IBM Emptoris could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Thi...

5.3CVSS5.3AI score0.01578EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 9:54 a.m.39 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Spend Analysis (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

6.9CVSS7.2AI score0.99019EPSS
Exploits11Affected Software1
Akamai Blog
Akamai Blog
added 2020/10/12 10:0 p.m.66 views

Three Cloud-First Akamai Initiatives to Support Your Cloud Journey

61% of organizations plan to focus on cloud migration this year. 93% have a multi-cloud strategy.1 This means that on average your organization is using 2.2 public clouds, multiplying your complexity and your costs. While the cloud has delivered on a lot of promises, it isn't getting simpler or...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2020/09/13 8:36 p.m.31 views

Agoric: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS

Summary: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS Steps To Reproduce: I was curling random integers and found that I could do the following: json "type":"doEval","number":500,"body":"test"...

0.4AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2020/08/19 11:0 a.m.28 views

How Financial Apps Get You to Spend More and Question Less

You should never invest without fully understanding the risks, but tax prep and stock trading services often obfuscate the things you really need to know...

3.3AI score
Exploits0
CNVD
CNVD
added 2020/07/03 12:0 a.m.21 views

Ledger SAS Live Code Issue Vulnerability

Ledger SAS Live is a cryptocurrency wallet product from the French company Ledger SAS. A security vulnerability exists in Ledger SAS Live versions prior to 2.7.0. Unprocessed Bitcoin's Replacement of Fees RBF, which increases a user's balance with the value of an unconfirmed transaction immediate...

8.1CVSS6.8AI score0.00493EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/03/11 1:0 p.m.14 views

The Ultimate Security Budget Excel Template

Sound security budget planning and execution are essential for the CIO’s/CISO’s success. Now, for the first time, The Ultimate Security Budget Plan & Track Excel template download here provides security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that...

0.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2020/03/11 1:0 p.m.537 views

The Ultimate Security Budget Excel Template

Sound security budget planning and execution are essential for the CIO’s/CISO’s success. Now, for the first time, The Ultimate Security Budget Plan & Track Excel template download here provides security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that...

0.3AI score0.08469EPSS
Exploits0References3
OSV
OSV
added 2020/02/20 5:15 p.m.5 views

CVE-2019-4752

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...

8.8CVSS7.2AI score0.01295EPSS
Exploits0References3
Prion
Prion
added 2020/02/20 5:15 p.m.19 views

Sql injection

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...

6.5CVSS8.5AI score0.01295EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder