3656 matches found
CVE-2023-29162
Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2023-35121
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-29162
The CVE-2023-29162 entry concerns Intel® oneAPI Toolkits, specifically the Intel C++ Compiler Classic prior to 2021.8 bundled with toolkits before 2022.3.1. The issue is an improper buffer restriction that may allow a privileged local user to escalate privileges. Affected scope includes I...
CVE-2023-35121
The CVE-2023-35121 issue concerns improper access control in Intel’s oneAPI DPC++/C++ Compiler prior to 2022.2.1 for some toolkits prior to 2022.3.1, enabling potential privilege escalation via local access when authenticated. Affected software is Intel® oneAPI DPC++/C++ Compiler and related tool...
Intel C++ Compiler Classic Security Vulnerability
Intel C++ Compiler Classic is a C++ compiler from Intel Corporation USA used to generate optimized code that runs on Intel processors. A security vulnerability previously existed in Intel C++ Compiler Classic version 2021.8, which stemmed from an improper buffer limit in the affected product. It...
Intel(R) oneAPI DPC++/C++ Compiler Security Vulnerability
Intel(R) oneAPI DPC++/C++ Compiler is a compiler from Intel Corporation USA. A security vulnerability previously existed in Intel oneAPI DPC++/C++ Compiler software version 2023.2.1, which stems from improper access control in the affected product. It could result in an authenticated user potential...
Intel ISPC Security Vulnerability
Intel ISPC is a program compiler from Intel Corporation USA. A security vulnerability previously existed in Intel ISPC version 1.21.0, which stemmed from an uncontrolled search path issue in affected products. This could result in an authenticated user potentially being able to escalate privilege...
kernel: Executable Space Protection Bypass
A vulnerability was found in the Linux kernel when certain binary files have the exec-all attribute with gcc. This issue can cause the execution of bytes located in the non-executable regions of a file...
The vulnerability of the Compiler component in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition allows attackers to disclose protected information.
The vulnerability of the Compiler component in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
PYSEC-2024-147
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand, that is, it cannot be triggered from regular...
CVE-2024-24559 Vyper SHA3 code generation bug
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand, that is, it cannot be triggered from regular...
java-1.8.0-openjdk: Fix of 8 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. This fixes the following CVEs:
- CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler
- CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution
- CVE-2024-20921: Range check loop...
Code injection
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. The Vyper compiler allows passing a value in the builtin `raw_call` even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...
Improper Authorization
openjdk21 is vulnerable to Improper Authorization. The vulnerability is due to an issue in the Compiler component, allowing an unauthenticated attacker with network access through multiple protocols to compromise the affected systems...
CVE-2024-24567 raw_call `value=` kwargs not disabled for static and delegate calls
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. The Vyper compiler allows passing a value in the builtin `raw_call` even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Summary: The Vyper compiler allows passing a value in the builtin `raw_call` even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value=...
GLSA-202401-27 : Ruby: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...