Lucene search
+L

150 matches found

NVD
NVD
added 2024/08/31 12:15 a.m.32 views

CVE-2024-45304

Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...

6.5CVSS0.00479EPSS
Exploits0References3
CVE
CVE
added 2024/08/30 11:51 p.m.53 views

CVE-2024-45304

CVE-2024-45304 affects Cairo-Contracts (OpenZeppelin Cairo contracts for StarkNet). The issue, described as an OwnableTwoStep flaw, lets a pending owner gain control after the original owner renounces ownership, enabling an unintended transfer of ownership. Root cause: a flaw in the two-step owne...

6.5CVSS5.7AI score0.00479EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/08/30 11:51 p.m.35 views

CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts

Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...

5.3CVSS0.00479EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/30 11:51 p.m.15 views

CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts

Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...

5.3CVSS7.3AI score0.00479EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/30 12:0 a.m.6 views

OpenZeppelin Contracts for Cairo 安全漏洞

OpenZeppelin Contracts for Cairo is a secure smart contract development library open-sourced by OpenZeppelin. A security vulnerability exists in OpenZeppelin Contracts for Cairo versions prior to 0.15.1, which stems from an unauthorized ownership transfer mechanism that could result in an...

6.5CVSS6.7AI score0.00479EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2024/08/19 10:49 a.m.61 views

How to Automate the Hardest Parts of Employee Offboarding

According to recent research on employee offboarding, 70% of IT professionals say they've experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn't deprovisioned, a surprise bill for resources that aren't in use anymor...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/07/02 9:2 a.m.10 views

kernel: gro: fix ownership transfer

A flaw was found in the Linux kernel's Generic Receive Offload GRO feature, where packets processed with a fragment list are not properly orphaned due to incorrect handling of socket references. This vulnerability can cause system instability or kernel bugs. The issue has been fixed by making sur...

5.5CVSS6.7AI score0.00232EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/05/21 1:59 a.m.2 views

SUSE CVE-2024-35890

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

5.5CVSS6AI score0.00232EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2024/05/20 12:14 p.m.29 views

CVE-2024-35890

A flaw was found in the Linux kernel's Generic Receive Offload GRO feature, where packets processed with a fragment list are not properly orphaned due to incorrect handling of socket references. This vulnerability can cause system instability or kernel bugs. The issue has been fixed by making sur...

5.5CVSS7.2AI score0.00232EPSS
Exploits0References4
OSV
OSV
added 2024/05/19 9:15 a.m.10 views

DEBIAN-CVE-2024-35890

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

5.5CVSS5.4AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2024/05/19 9:15 a.m.25 views

CVE-2024-35890

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

5.5CVSS6.3AI score0.00232EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/05/19 9:15 a.m.43 views

CVE-2024-35890

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

5.5CVSS6.3AI score0.00232EPSS
Exploits0References19
OSV
OSV
added 2024/05/19 9:15 a.m.2 views

UBUNTU-CVE-2024-35890

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

5.5CVSS6AI score0.00232EPSS
Exploits0References20
Cvelist
Cvelist
added 2024/05/19 8:34 a.m.24 views

CVE-2024-35890 gro: fix ownership transfer

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

6.3AI score0.00232EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/19 8:34 a.m.20 views

CVE-2024-35890 gro: fix ownership transfer

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

6.5AI score0.00232EPSS
Exploits0References5
CVE
CVE
added 2024/05/19 8:34 a.m.155 views

CVE-2024-35890

CVE-2024-35890 : In the Linux kernel, a GRO (generic receive offload) fraglist ownership transfer bug can lead to use-after-free/dos conditions when packets are GROed with fraglist. The issue arises because skb_gro_receive_list removes the socket reference but the skb_segment_list may reuse skbs ...

5.5CVSS6.5AI score0.00232EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/05/17 12:15 p.m.1 views

DEBIAN-CVE-2024-27418

In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctplocaloutput Currently, mctplocaloutput only takes ownership of skb on success, and we may leak an skb if mctplocaloutput fails in specific states; the skb ownership isn't transferred until...

5.5CVSS5.3AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.7 views

PT-2024-21882

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the mctp local output function in the Linux kernel, which only takes ownership of the skb on success. If mctp local output fails in specific states, it may leak a...

5.5CVSS5.4AI score0.00219EPSS
Exploits0
OSV
OSV
added 2024/04/28 1:15 p.m.1 views

DEBIAN-CVE-2022-48637

In the Linux kernel, the following vulnerability has been resolved: bnxt: prevent skb UAF after handing over to PTP worker When reading the timestamp is required bnxttxint hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterwards, as the worker may run...

7.8CVSS5.7AI score0.00227EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/18 2:35 a.m.19 views

kernel: gro: fix ownership transfer

A flaw was found in the Linux kernel's Generic Receive Offload GRO feature, where packets processed with a fragment list are not properly orphaned due to incorrect handling of socket references. This vulnerability can cause system instability or kernel bugs. The issue has been fixed by making sur...

5.5CVSS6.7AI score0.00232EPSS
Exploits0References5
Rows per page
Query Builder