CVE-2022-29255

HIGH Year: 2022
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-670
View all →

Vulnerability Description

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.

Related Vulnerabilities

CVE-2014-2686

HIGH
CVSS:7.5(High)

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

CWE-6702014

CVE-2019-11412

HIGH
CVSS:7.5(High)

An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.

CWE-6702019

CVE-2019-19324

HIGH
CVSS:7.5(High)

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance.

CWE-6702019

CVE-2019-19729

HIGH
CVSS:7.5(High)

An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the us...

CWE-6702019

CVE-2019-9946

HIGH
CVSS:7.5(High)

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts ...

CWE-6702019

CVE-2020-36277

HIGH
CVSS:7.5(High)

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.

CWE-6702020