3656 matches found
Integer overflow in AdaptativeFee
Lines of code Vulnerability details Impact You have to take into account that when using a pragma lower than 0.8.X there is no compiler protection against any overflow. The method AdaptiveFee.exp is vulnerable to an integer overflows. Proof of Concept Using the following recipe: x = uint256.Max g...
CVE-2022-35069
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e...
havent specify the solidity compiler version, 8.15 and older version may lead to a mis encoded struct parameter
Lines of code Vulnerability details Impact the structure: struct ExecuteProposalParams uint256 proposalId; bytes proposalData; bytes progressData; bytes extraData; uint256 flags; IERC721 preciousTokens; uint256 preciousTokenIds; there are some unknown length elementbytes, in 8.15 and older...
OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions
Impact The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found,...
GHSA-F524-RF33-2JJR OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions
Impact The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found,...
Oracle Linux 8 : ruby:3.0 (ELSA-2022-6450)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6450 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle Linux...
java-17-openjdk bug fix update
An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-17-openjdk packages provide the OpenJDK 17 Java Runtime...
CVE-2022-36085
A flaw was found in open-policy-agent. The Rego compiler provides a deprecated WithUnsafeBuiltins function, allowing users to provide a set of built-in functions that should be deemed unsafe and rejected by the compiler if encountered in the policy compilation stage. A bypass of this protection c...
Design/Logic Flaw
Open Policy Agent OPA is an open source, general-purpose policy engine. The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the...
CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions
Open Policy Agent OPA is an open source, general-purpose policy engine. The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy...
CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions
Open Policy Agent OPA is an open source, general-purpose policy engine. The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy...
CVE-2022-36085
Summary: CVE-2022-36085 affects the Open Policy Agent (OPA) Rego compiler. A bypass exists where the with keyword can mock unsafe built-ins, not always respected by the deprecated WithUnsafeBuiltins mechanism. This requires multiple conditions to provoke an adverse effect and has been demonstrate...
CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions
Open Policy Agent OPA is an open source, general-purpose policy engine. The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy...
java-11-openjdk bug fix update
An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-11-openjdk packages provide the OpenJDK 11 Java Runtime...
SUSE-SU-2022:2961-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges bsc1202657. Non-security fixes: - Update to 11.0.5 build 15389592 bsc1165955 DNS server is reported incorrectly in GuestIn...
GCC 安全漏洞
GCC is a collection of GNU compilers. It is primarily used to compile the C and C++ languages. A security vulnerability exists in GCC, which stems from an internal compiler error in the matchreload function in lra-constraints.c that causes the input file to crash...
Gcc 安全漏洞
GCC is a collection of GNU compilers. It is mainly used to compile the C and C++ languages. A security vulnerability exists in Gcc. An attacker has exploited this vulnerability to cause g++ to crash during compilation via a specially crafted input source file...
PT-2022-8939 · Gnu · Gcc
Name of the Vulnerable Software and Affected Versions: gcc affected versions not specified Description: The issue is related to an internal compiler error in the match reload function at lra-constraints.c, which may cause a crash when a crafted input file is used. Recommendations: At the moment,...
PT-2022-8940 · Gnu · Gcc
Name of the Vulnerable Software and Affected Versions: gcc affected versions not specified Description: A crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The issue is related to the ipcp store vr results function in gcc/ipa-cp.c...
CVE-2020-35536
In gcc, an internal compiler error in matchreload function at lra-constraints.c may cause a crash through a crafted input file...