Lucene search
K

5 matches found

Code423n4
Code423n4
added 2023/05/15 12:0 a.m.10 views

A user asset cannot be seized if the supplied market's collateral to seize(vTokenCollateral)is different than the pool(seizerContract) where the liquidateBorrow function is called.

Lines of code Vulnerability details Impact A user asset cannot be seized if the supplied market's collateral to seizevTokenCollateralis different than the poolseizerContract where the liquidateBorrow function is called. Proof of Concept A user asset cannot be seized if the supplied market's...

6.7AI score
Exploits0
NVD
NVD
added 2023/01/12 3:15 p.m.24 views

CVE-2022-2155

A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a...

7.1CVSS6AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/12 2:1 p.m.24 views

CVE-2022-2155 A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role.

A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a...

5.7CVSS6.9AI score0.00372EPSS
Exploits0References1
CVE
CVE
added 2023/01/12 2:1 p.m.44 views

CVE-2022-2155

Lumada APM on-premises versions 6.0.0.0–6.4.x are affected by an improper access control vulnerability in the User Asset Group feature where the Limited Engineer role can access embedded Power BI reports and potentially manipulate asset issue comments. Exploitation could grant unauthorized access...

7.1CVSS6AI score0.00372EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2008/08/19 7:10 p.m.16 views

CVE-2008-3717

Harmoni before 1.6.0 does not require administrative privileges to list 1 user names or 2 asset ids, which allows remote attackers to obtain sensitive information...

6.5AI score0.01256EPSS
Exploits0References5
Rows per page
Query Builder