3601 matches found
CVE-2024-43366 zkvyper ignored loop range bounds
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompleteness restrictions, it is compiled to a loop with a much later exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However,...
CVE-2024-42476
CVE-2024-42476 affects the Nim OAuth library prior to v0.11. The Authorization Code and Implicit flows rely on the state parameter to prevent CSRF, but when compiled with certain flags the state check can be bypassed. Version 0.11 fixes this by using a proper state validation (regular if or doAss...
CVE-2024-42476 oauth CSRF vulnerability
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...
oauth security vulnerability
oauth is an oauth library for nim by individual developer Yoshihiro Tanaka. A security vulnerability exists in versions prior to oauth 0.11, which stems from the use of certain compiler flags to compile projects where the state parameter may not be checked, leaving it vulnerable to cross-site...
CVE-2024-23907
Uncontrolled search path in some Intel® High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-21857
Uncontrolled search path for some Intel® oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-21857
CVE-2024-21857 involves an uncontrolled search path that could allow privilege escalation on Intel oneAPI components. Affected products before 2024.1 include Intel oneAPI DPC++/C++ Compiler, Fortran Compiler, oneAPI Base Toolkit, HPC Toolkit, and Distribution for Python for Windows. Root cause is...
[SECURITY] Fedora 39 Update: pypy-7.3.16-2.fc39
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...
Fedora: Security Advisory (FEDORA-2024-c5152808e4)
The remote host is missing an update for the...
Intel® High Level Synthesis Compiler Software Advisory
Summary: A potential security vulnerability in some Intel® High Level Synthesis Compiler software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-23907 Description: Uncontrolled search path in...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler
Summary: Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2023-27561, CVE-2023-28642, CVE-2023-25809, CVE-2022-32149, CVE-2022-41723, CVE-2022-41721, CVE-2022-27664, CVE-2022-29162, CVE-2021-43784, CVE-2023-2517 Vulnerability Details: CVEID: CVE-2023-27561 DESCRIPTION...
[SECURITY] Fedora 40 Update: mingw-qt6-qtbase-6.7.2-3.fc40
This package contains the Qt software toolkit for developing cross-platform applications. This is the 32-bit Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
[SECURITY] Fedora 40 Update: mingw-qt5-qtbase-5.15.14-4.fc40
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
SUSE CVE-2024-42161
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Changes from V1: - Use a default branch in the switch statement to initialize `val'. GCC warns that `val' may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in...
Security Bulletin: Vulnerability in Go affect Cloud Pak System [CVE-2023-39323]
Summary: Vulnerability in Golang Go affect Cloud Pak System. Vulnerability Details: CVEID: CVE-2023-39323 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by improper enforcement of line directive restrictions in the "//go:cgo" directives. By...