CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Code423n4•added 2023/07/14 12:0 a.m.•5 views

Vault.sponsor may take away the prize chance from the receiver.

Lines of code Vulnerability details Impact TwabController.delegateBalance is related to the probability to get the prize, and Vault.sponsor can make the others' delegateBalance to 0. A malicious user can send a small amount of assets to every depositor and be the only prize taker. Proof of Concep...

6.8AI score

Code423n4•added 2023/04/28 12:0 a.m.•7 views

Malicious users can exploit NameEncoder vulnerability to forge arbitrary names

Lines of code Vulnerability details Impact A malicious user can spoof NameEncoder.dnsEncodeName by forging a name to impersonate any other name, which can lead to faulty contract logic or even theft of someone else's name. Proof of Concept The function NameEncoder.dnsEncodeName is used to convert...

7.2AI score

Code423n4•added 2023/02/20 12:0 a.m.•9 views

Unnecessary precision loss in redeemKIBT()

Lines of code Vulnerability details Impact Unnecessary precision loss in redeemKIBT Proof of Concept If enter Deprecated mode, user can switch back to StableCoin by percentage with redeemKIBT The redeemKIBT implementation code is as follows: function redeemKIBTuint256 amount external override...

OSV•added 2023/02/17 11:4 a.m.•3 views

OESA-2023-1086 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intelgvtdmamapguestpage function. This issue could allow a local user to...

5.5CVSS6.4AI score0.00016EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 3:21 a.m.•1 views

SUSE CVE-2023-0615

A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOCSDVTIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled...

5.5CVSS6.7AI score0.00016EPSS

Exploits0References3

Code423n4•added 2023/02/10 12:0 a.m.•8 views

Adding NFTS with AssociationType ORDERED or PRIMARY may cause overwriting

Risk rating Medium Risk Links to affected code Impact Subprotocol NFTs may be trapped in contract CidNFT forever. Proof of Concept When adding NFT to CidNFT with AssociationType ORDERED or PRIMARY, the cidData is written directly, without checking and handling the case that a previously added nft...

NVD•added 2023/02/06 11:15 p.m.•11 views

CVE-2023-0615

5.5CVSS5.6AI score0.00016EPSS

OSV•added 2023/02/06 11:15 p.m.•4 views

CVE-2023-0615

5.5CVSS6.7AI score

UbuntuCve•added 2023/02/06 11:15 p.m.•18 views

CVE-2023-0615

5.5CVSS6.2AI score0.00016EPSS

Cvelist•added 2023/02/06 12:0 a.m.•13 views

CVE-2023-0615

5.9AI score0.00016EPSS

CVE•added 2023/02/06 12:0 a.m.•90 views

CVE-2023-0615

CVE-2023-0615 affects the Linux kernel V4L2 and vivid test code paths. The vulnerability is a memory leak with potential divide-by-zero and integer overflow when triggering ioctls such as VIDIOC_S_DV_TIMINGS, which could allow a local user to crash the system if vivid test code is enabled. Public...

5.5CVSS5.2AI score0.00016EPSS

Exploits0References1Affected Software1

Hacker One•added 2022/07/17 7:56 a.m.•29 views

Hyperledger: Insecure TLS Configuration #3530

An insecure configuration was reported; however, this configuration is set on purpose in test code. Please see the resolved conversation on GitHub...

2.1AI score

Fedora•added 2022/07/17 1:15 a.m.•22 views

[SECURITY] Fedora 35 Update: golang-github-gogo-protobuf-1.3.2-5.fc35

Gogoprotobuf is a fork of golang/protobuf with extra code generation features. This code generation is used to achieve: - fast marshalling and unmarshalling - more canonical Go structures - goprotobuf compatibility - less typing by optionally generating extra helper code - peace of mind by...

9.3CVSS8.9AI score0.00963EPSS

Exploits4

OSV•added 2022/06/20 8:21 p.m.•7 views

MAL-2022-6467 Malicious code in test-code-012 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7080c0537a1cd0eed101038e59a5e10f8625046c5bf7ed509ef0c4b9b9c4df5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2022/06/20 8:21 p.m.•5 views

MAL-2022-6468 Malicious code in test-code-0121 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 457d1e4d390a671c9413ba39f6605f62c4dd6f24c93a118a1064e092d78eb4a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...