1399 matches found

BDU FSTEC
added 2023/04/03 12:0 a.m., 2 views

The vulnerability of the io_file_bitmap_get() function (io_uring/filetable.c) in the Linux kernel allows a hacker to cause a service failure

The vulnerability of the io_file_bitmap_get() function (io_uring/filetable.c) in the Linux kernel is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.5, EPSS 0.00211
Exploits 0, References 6, Affected Software 4
OSV
added 2023/03/29 9:15 p.m., 4 views

CVE-2022-3787

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

CVSS 7.8, AI score 5.6, EPSS 0.00216
Exploits 0, References 1
Prion
added 2023/03/29 9:15 p.m., 28 views

Privilege escalation

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

CVSS 4.3, AI score 7.7, EPSS 0.00658
Exploits 4, References 1, Affected Software 1
BDU FSTEC
added 2023/03/28 12:0 a.m., 2 views

The vulnerability of the intuit_diff_type() function in the pch.c component of the Patch program allows a hacker to trigger a service failure.

The vulnerability of the intuit_diff_type() function in the pch.c component of the Patch program is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 7.8, AI score 6.4, EPSS 0.08896
Exploits 0, References 7, Affected Software 4
BDU FSTEC
added 2023/03/28 12:0 a.m., 3 views

The vulnerability of software for storing images with a wide dynamic range of brightness, related to pointer swapping errors, allows attackers to trigger a service failure.

The vulnerability of software for storing images with a wide dynamic range of brightness in OpenEXR is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause service interruptions...

CVSS 7.1, AI score 7.3, EPSS 0.01831
Exploits 0, References 13, Affected Software 5
OSV
added 2023/03/24 8:15 p.m., 0 views

UBUNTU-CVE-2021-43314

A heap-based buffer overflow was discovered in upx, where the generic pointer 'p' points to an inaccessible address in func getle32. The problem is essentially caused in PackLinuxElf32::elflookup at plxelf.cpp:5368...

CVSS 7.5, AI score 7.3, EPSS 0.00817
Exploits 1, References 3
Tenable Nessus
added 2023/03/23 12:0 a.m., 23 views

Amazon Linux 2023 : device-mapper-multipath, device-mapper-multipath-devel, device-mapper-multipath-libs (ALAS2023-2023-141)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-141 advisory. multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can...

CVSS 7.8, AI score 7.4, EPSS 0.00658
Exploits 5, References 4
Amazon
added 2023/03/22 12:0 a.m., 3 views

Low: protobuf-c

Issue Overview: A flaw was found in protobuf-c. The issue occurs due to an invalid arithmetic shift via the parse_tag_and_wiretype function in protobuf-c/protobuf-c.c. This flaw allows attackers to cause a denial of service (DoS) via unspecified vectors. CVE-2022-33070 Affected Packages: protobuf-...

CVSS 5.5, AI score 5.7, EPSS 0.00873
Exploits 1
BDU FSTEC
added 2023/03/22 12:0 a.m., 5 views

The vulnerability of the ff_hevc_put_hevc_epel_pixels_8_sse function (sse-motion.cc) in the H.265 Libde265 video codec implementation allows an attacker to cause a service failure.

The vulnerability of the ff_hevc_put_hevc_epel_pixels_8_sse function (sse-motion.cc) in the H.265 Libde265 video codec implementation is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially created file...

CVSS 5.5, AI score 6.5, EPSS 0.00292
Exploits 5, References 9, Affected Software 4
Code423n4
added 2023/03/19 12:0 a.m., 16 views

Incorrect calculation of gasToPay due to dividing before multiplying, rounding error.

Lines of code Vulnerability details Impact In Solidity, it is an error to divide before multiplying because of lots of rounding errors that can come from that. In this case: uint256 pubdataLen; unchecked pubdataLen = message.length + 31 / 32 32 + 64; uint256 gasToPay = pubdataLen...

AI score 6.8
Exploits 0
BDU FSTEC
added 2023/03/17 12:0 a.m., 2 views

The vulnerability in the implementation of the TIPC protocol (Transparent Inter-Process Communication) in the Linux operating system allows an attacker to cause a service failure.

The vulnerability of the TIPC protocol’s implementation in the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.8, AI score 6.5, EPSS 0.05095
Exploits 0, References 11, Affected Software 4
BDU FSTEC
added 2023/03/17 12:0 a.m., 2 views

The vulnerability in the `net/unix/diag.c` component of the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the net/unix/diag.c component in the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.5, EPSS 0.00189
Exploits 0, References 17, Affected Software 5
Code423n4
added 2023/03/15 12:0 a.m., 10 views

ZERO TRUNCATION COULD LEAD TO UNEXPECTED RESULTS

Lines of code Vulnerability details Impact Precision issue leading to zero truncation due to numerator smaller than denominator in a ratio or a division happens readily in Solidity if extra care has not been given to it. Arithmetic operations running into this incident are typically associated...

AI score 6.7
Exploits 0
BDU FSTEC
added 2023/03/15 12:0 a.m., 1 views

The vulnerability of the ufs_mtk_init_va09_pwr_ctrl() function (drivers/scsi/ufs/ufs-mediatek.c) in the Linux operating system’s UFS driver allows a hacker to cause a service failure.

The vulnerability of the ufs_mtk_init_va09_pwr_ctrl() function (drivers/scsi/ufs/ufs-mediatek.c) in the Linux operating system’s UFS driver is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.7, EPSS 0.00249
Exploits 0, References 10, Affected Software 2
BDU FSTEC
added 2023/03/15 12:0 a.m., 1 views

The vulnerability of the memory_tier_init() function (mm/memory-tiers.c) in the Linux kernel’s memory management subsystem allows an attacker to trigger a service failure.

The vulnerability of the memory_tier_init() function (mm/memory-tiers.c) in the Linux kernel’s memory management subsystem is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 5.5, AI score 5.5, EPSS 0.00268
Exploits 0, References 10, Affected Software 3
Code423n4
added 2023/03/09 12:0 a.m., 8 views

SWC-101 Arithmetic Overflow test/LotteryInvariantChecks.t.sol testBuyClaimFinalize()

Lines of code Vulnerability details Impact Integer overflow on finalizeDraw function. Failing tests: Encountered 1 failing test in test/LotteryInvariantChecks.t.sol:LotteryInvariantChecksTest FAIL. Reason: Arithmetic over/underflow Counterexample:...

AI score 7.2
Exploits 0
OpenVAS
added 2023/03/08 12:0 a.m., 16 views

Debian: Security Advisory (DLA-120)

The remote host is missing an update for the Debian...

CVSS 7.5, AI score 7.5, EPSS 0.02314
Exploits 0, References 2
BDU FSTEC
added 2023/03/06 12:0 a.m., 3 views

The vulnerability of Windows Media Player on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of Windows Media Player, a component of the Windows operating system, arises due to a loss of precision in integer arithmetic. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8, AI score 7.6, EPSS 0.00642
Exploits 0, References 2
IBM Security Bulletins
added 2023/02/28 1:48 a.m., 68 views

Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2177, CVE-2016-2178).

Summary IBM b-type SAN switches and directors addressing Open Source OpenSSL Vulnerabilities CVE-2016-2177, CVE-2016-2178. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer...

CVSS 9.8, AI score 8.3, EPSS 0.44505
Exploits 1, Affected Software 12
OSV
added 2023/02/24 9:6 p.m., 10 views

SUSE-SU-2023:0522-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059101 fixes several issues. The following security issues were fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139)...

CVSS 7.8, AI score 7.6, EPSS 0.01944
Exploits 5, References 5