1077 matches found
The vulnerability in Dell PowerEdge 14G server and Dell Precision workstation firmware relates to writing beyond the buffer boundaries, allowing an attacker to execute arbitrary code or escalate their privileges.
The vulnerability in Dell PowerEdge 14G server and Dell Precision workstation firmware is an out-of-bounds write, that is, writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain increased privileges...
gmp: Integer overflow and resultant buffer overflow via crafted input
A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability...
Moderate: Red Hat Security Advisory: gmp security update
An update for gmp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
[SECURITY] [DLA 3750-1] php-phpseclib security update
Debian LTS Advisory DLA-3750-1 https://www.debian.org/lts/security/ Guilhem Moulin March 05, 2024 https://wiki.debian.org/LTS Package : php-phpseclib Version : 2.0.30-2deb10u3 CVE ID : CVE-2024-27354 CVE-2024-27355 Security issues were discovered in php-phpseclib, a PH...
RHEL 8 : gmp (RHSA-2024:1102)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1102 advisory. The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point...
Linux kernel security vulnerabilities
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from an error in the calculation of the nhoff value when raw PTP Ethernet frames larger than 256 bytes in size and in 0xff mode are sent...
SUSE-SU-2024:0460-1 Security update for rekor
This update for rekor fixes the following issues: update to 1.3.5 jscSLE-23476: - Additional unique index correction - Remove timestamp from checkpoint - Drop conditional when verifying entry checkpoint - Fix panic for DSSE canonicalization - Change Redis value for locking mechanism - give log...
secRewardsPerShare Insufficient precision
Lines of code Vulnerability details Vulnerability details we also introduced the field secRewardDebt. The idea of this field is to enable any lending platforms that are integrated with Neofinance Coordinator to send their own rewards based on this value or rather the difference of this value sinc...
Loss of precision when calculating the accumulated CANTO per share
Lines of code Vulnerability details Impact When calculating the amount of CANTO per share in updatemarket, dividing by 1e18 in cantoReward and multiplying by the same value in accCantoPerShare rounds down the final value, making the amount of rewards users will receive be less than expected. Proo...
[SECURITY] [DLA 3719-1] phpseclib security update
Debian LTS Advisory DLA-3719-1 https://www.debian.org/lts/security/ Guilhem Moulin January 25, 2024 https://wiki.debian.org/LTS Package : phpseclib Version : 1.0.19-3deb10u2 CVE ID : CVE-2023-48795 It was discovered that phpseclib, a PHP library for arbitrary-precision...
CVE-2024-21599
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't...
PT-2023-25821 · C-Blosc2 · C-Blosc2
Name of the Vulnerable Software and Affected Versions: C-blosc2 versions prior to 2.9.3 Description: The issue is related to a NULL pointer dereference in the function zfp_prec_decompress at zfp/blosc2-zfp.c. This indicates a problem where the code attempts to access memory through a pointer that...
Users receive fewer tokens due to inaccuracy in calculation
Lines of code Vulnerability details Impact There is a loss of precision in the VRGDAC.yToX function, because in several places division occurs first, and then the result is multiplied. This results in users receiving fewer tokens. According to test data, the difference can be 8 digits. The choice...
Some buyers won't get expected tokens minted due to precision loss
Lines of code Vulnerability details Impact The ERC20TokenEmitter.buyToken mints tokens according to the configured bps per address. This is due to the below code's implementation in buyToken function. for uint256 i = 0; i 0 // transfer tokens to address mintaddressesi, uint256totalTokensForBuyers...
Loss of precision in calculations
Lines of code Vulnerability details The use of regular division can lead to loss of precision. This could enable certain manipulations through precision attacks. Recommendation: Use SafeMath's div for integer division. Division used in parent can lead to loss of precision. Safemath usage is...
Incorrect Decimals Conversion in Curve2PoolAdapter::primitiveOutputAmount Function
Lines of code Vulnerability details Impact The bug in the primitiveOutputAmount function can lead to incorrect decimal conversions when calculating the rawInputAmount. The rawInputAmount is calculated using the convertDecimals function, but the decimals parameter passed to convertDecimals is...
Handling Potential Slippage Due to Truncation
Lines of code Vulnerability details Impact The potential slippage issue arises from the precision loss during decimal conversion in the primitiveOutputAmount function. When interacting with the Curve Tricrypto Pool, especially involving tokens with different decimal precisions, truncation can lea...
CVE-2023-44297
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial ...
CVE-2023-44298
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service...