Lucene search
K

128 matches found

Cvelist
Cvelist
added 2024/05/01 5:17 a.m.23 views

CVE-2024-26937 drm/i915/gt: Reset queue_priority_hint on parking

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

7.6AI score0.00269EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2024/04/17 6:21 p.m.6 views

@jup-ag/core (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78), @jup-ag/react-hook (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78) +7 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.63.0 <=1.63.1)

@solana/web3.js NPM version =1.63.0, =3.0.0-beta.0, =3.0.0-beta.0, =0.0.1-0d5b39f4.0, =0.0.1-0f199db9.0, =4.0.0-maple-1, =0.1.0, =1.4.8, =1.0.0, =1.7.1-alpha.4 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

7.5CVSS7AI score0.00593EPSS
Exploits0
NVD
NVD
added 2024/04/04 7:15 a.m.17 views

CVE-2024-29375

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles and Yield Curve Name parameters...

9.8CVSS7.7AI score0.01463EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.4 views

Addactis IBNRS 安全漏洞

Addactis IBNRS is a non-life insurance solution from Addactis. A security vulnerability exists in Addactis IBNRS version v.3.10.3.107, which stems from a vulnerability that allows remote attackers to execute, via a crafted .ibnrs file, the Project Description, Identifiers, Custom Triangle Name, a...

9.8CVSS6.6AI score0.01463EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.7 views

PT-2024-22870 · Addactis · Addactis Ibnrs

Name of the Vulnerable Software and Affected Versions: Addactis IBNRS version 3.10.3.107 Description: The issue allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles, and Yield Curve Name...

9.8CVSS7.9AI score0.01463EPSS
Exploits0References3
CVE
CVE
added 2024/04/04 12:0 a.m.52 views

CVE-2024-29375

Addactis IBNRS v3.10.3.107 is affected by a CSV Injection vulnerability that lets an attacker craft a .ibnrs file to inject content into Project Description, Identifiers, Custom Triangle Name, and Yield Curve Name, enabling remote arbitrary code execution. The CVSS 3.1 base score is 9.8 (CRITICAL...

9.8CVSS8AI score0.01463EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/04 12:0 a.m.17 views

CVE-2024-29375

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles and Yield Curve Name parameters...

8AI score0.01463EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/01/02 3:55 a.m.5 views

Malicious code in yield-api-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd5cbdb7d4a993fa1eaa24b6a76752bcaef2b40f325168ed535651ab0b116a48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/01/02 3:55 a.m.11 views

MAL-2024-20 Malicious code in yield-api-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd5cbdb7d4a993fa1eaa24b6a76752bcaef2b40f325168ed535651ab0b116a48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.11 views

A user with SOFT_RESTRICTED_STAKER_ROLE can earn yield.

Lines of code Vulnerability details Impact Any user blacklisted with SOFTRESTRICTEDSTAKERROLE role can earn yield by buying stUSDe token from open market and unstake stUSDe for USDe token on the StakedUSDeV2.sol contract. Proof of Concept The unstake function calls the internal withdraw function...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.10 views

Lack of functionality to distribute the yield to the USDe stakers.

Lines of code Vulnerability details Impact User will not get the benefit of the yield which is output of their USDe staking. Outcome of yield is the core feature of staking. we are submitting this as high. Proof of Concept An user who is not black listed is allowed to stake their USDe by calling...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/26 12:0 a.m.11 views

M-22 Unmitigated

Lines of code Vulnerability details Comments The underlying yield vaults used by the V5 vaults usually round down shares received when depositing. As a result, if the Vault deposits to an underlying yield vault that has already issued shares, it is possible that a deposit could be rounded down to...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.9 views

ConvexTriCryptoStrategy might not compound all rewards

Lines of code Vulnerability details Impact When compounding in ConvexTriCryptoStrategy, the number of tokens that is swapped into wETH does not account for extraRewards and tokenRewards. This can cause a loss of yield and rewards to be lost. Proof of Concept In ConvexTriCryptoStrategy.executeClai...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.11 views

Yearn Stragety tolerant 0 loss, which is too strict and can block withdraw

Lines of code Vulnerability details Impact Yearn Stragety tolerant 0 loss, which is too strict Proof of Concept When withdraw from Yearn Stragety result = vault.withdrawtoWithdraw, addressthis, 0; @param maxLoss The maximum acceptable loss to sustain on withdrawal. Defaults to 0.01%. If a loss is...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.6 views

M-06 Unmitigated

Lines of code Vulnerability details Original Issue code-423n4/2023-06-angle-findings13 Details This issue shows users may lose a portion of yield when protocolSafetyFee and vestingPeriod are changed. As mitigation, it recommends accruing interests before those parameters are changed. Mitigation P...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.9 views

Malicious Yield Vault could deny Pool Together withdrawing assets

Lines of code Vulnerability details Impact Since vaults can be created by anyone as long as they provide an ERC-4626 compliant yield source, an attacker could set up a malicious ERC-4626 contract and set that as the yield source for a newly created Vault. The attacker could then have the maliciou...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.18 views

Vault funds can be stolen by a malicious Yield Vault.

Lines of code Vulnerability details Impact When a vault is initialized, it sets Max Token Approval for the Yield Vault which allows the Yield Vault to ALWAYS have access to the funds in the vault. Since vaults can be created by anyone as long as they provide an ERC-4626 compliant yield source, an...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.11 views

Vault.mintYieldFee FUNCTION CAN BE CALLED BY ANYONE TO MINT Vault Shares TO ANY RECIPIENT ADDRESS

Lines of code Vulnerability details Impact The Vault.mintYieldFee external function is used to mint Vault shares to the yield fee recipient. The function is an external function and can be called by anyone since there is no access control. The function will revert only under following two...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.11 views

Interest is not accrued before parameters are updated in SavingsVest

Lines of code Vulnerability details Impact Stablecoin holders can receive wrongly calculated yield in the SavingsVest contract. Also, wrong vesting profit can be slashed when the protocol is under-collateralized. Proof of Concept The SavingsVest contract lets users deposit their stablecoins and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/22 12:0 a.m.9 views

Loss of staking yield for stakers when another user stakes in pause/frozen state

Lines of code Vulnerability details Impact Loss of staking yield for stakers when another user stakes in pause/frozen state. Proof of Concept Issue 148 from previous audit is present again. As i can see it was mitigated. But maybe after that new code changes were made, so this issue is present...

7AI score
Exploits0
Rows per page
Query Builder