1077 matches found
CVE-2023-32469
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution...
Input validation
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution...
Dell Precision Tower BIOS Input Validation Error Vulnerability
Dell Precision Tower BIOS is a series of computer workstations for CAD/Architecture/CG professionals or as a small business server from Dell USA. A security vulnerability exists in the Dell Precision Tower BIOS, which arises from a component that contains incorrect input validation, and which cou...
Oracle Linux 9 : gmp (ELSA-2023-6661)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6661 advisory. 1:6.2.0-13 - Fix: previous commit removed one function from the library and thus broke the ABI - function gmpnpreinvdivrem1 should now not be removed Related:...
PT-2023-23810 · Dell · Dell Precision Tower Bios
Name of the Vulnerable Software and Affected Versions: Dell Precision Tower BIOS affected versions not specified Description: The issue is related to an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerabili...
Precision loss in getRSETHPrice
Lines of code Vulnerability details Impact Precision loss and return zero price by Oracle Proof of Concept Since the value of staked ether increases, the price of RSETH goes above ETH price and leads to a precision loss in the getRSETHPrice function of the oracle, and RSETH price becomes zero...
Precision loss in getRsETHAmountToMint
Lines of code Vulnerability details Impact users may lose their assets Proof of Concept The price of rsETH increases against ETH price, this leads to precision loss in getRsETHAmountToMint. Consider a scenario that one rsETH worth 10 ETH; now if a user tries to deposit 9 ETH he loses assets due ...
kernel: mlx5: fix possible ptp queue fifo use-after-free
In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when popping from empty queue. Such case was possible during re-sync action. WARN_ON_ONCE...
kernel: Linux kernel: Denial of Service in mlx5 driver due to memory leaks
A flaw was found in the Linux kernel's mlx5 driver. During a Precision Time Protocol (PTP) resynchronization operation, socket buffers (SKBs) were not properly freed, leading to a memory leak. Additionally, an error in the mlx5e_skb_fifo_has_room function's counter check could cause further resource leak...
Arithmetic operation results in loss of voting power
Lines of code Vulnerability details Impact Carrying out calculation of voting power in function finalize based on division with value 1e4, then subtracting it with totalContributions and after that multiplying and dividing again will be a resultant that cause large precision error or even loss of...
gmp: Integer overflow and resultant buffer overflow via crafted input
A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability...
Low: Red Hat Security Advisory: gmp security and enhancement update
An update for gmp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
[SECURITY] Fedora 39 Update: libclc-17.0.2-1.fc39
libclc is an open source, BSD licensed implementation of the library requirements of the OpenCL C programming language, as specified by the OpenCL 1.1 Specification. The following sections of the specification impose library requirements: 6.1: Supported Data Types 6.2.3: Explicit Conversions...
accrue interest function is likely failed to accrue interest for token with low decimal
Lines of code Vulnerability details Impact loss of precision is too high when accruing interest Proof of Concept When interest accrues, we are calling uint256 interestAmount; uint256 interestRate = IIRM(irm).getInterestRate(address(this), trancheIndex, totalDeposit, totalBorrow); interestAmount =...
precision issue EthenaMinting:mint() allows users to steal fund.
Lines of code Vulnerability details Impact In the EthenaMinting:mint function of the contract, a call is made to the transferCollateral function. This function calculates the transfer amount using the formula uint256 amountToTransfer = amount * ratios[i] / 10000;. However, it does not account for...
CVE-2023-44199
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP)...