105 matches found
CVE-2024-46708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...
CVE-2024-46708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...
UBUNTU-CVE-2024-46708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...
CVE-2024-46708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...
CVE-2022-48910
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6mcdown at most once There are two reasons for addrconfnotify to be called with NETDEVDOWN: either the network device is actually going down, or IPv6 was disabled on the interface. If either of them...
CVE-2022-48830 can: isotp: fix potential CAN frame reception race in isotp_rcv()
In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotprcv When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage. Ziyang Xuan writes: The...
CVE-2024-30386 Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service DoS. In an EVPN-VXLAN scenario, when state updates are received and...
UBUNTU-CVE-2021-46978
In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmxgetnestedstate/vmxsetnestedstate KVM can't map evmcs page right away: evmcs gpa is not 'struct...
GHSA-27WG-99G8-2V4V Rust EVM erroneousle handles `record_external_operation` error return
Impact In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or CREATE2, in the case that the substack execution...
Rust EVM erroneousle handles `record_external_operation` error return
Impact In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or CREATE2, in the case that the substack execution...
CVE-2024-21629
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
CVE-2024-21629 Erroneous handling of `record_external_operation` error return
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
EFACEC BCU 500 Cross-Site Request Forgery Vulnerability
The EFACEC BCU 500 is a programmable control system from EFACEC Portugal. The EFACEC BCU 500 suffers from a cross-site request forgery vulnerability that stems from susceptibility to a cross-site request forgery CSRF attack, which could force a user to perform a state change request on an...
CVE-2023-38885
OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery CSRF protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request...
kernel: drm/amd/display: fix FCLK pstate change underflow
A calculation flaw was found in the AMD display driver in the Linux kernel. When UCLK p-state is not supported, FCLK p-state change watermarks are incorrectly calculated using dummy values, potentially causing underflow. This can lead to display issues or system instability during power state...
LiquidationQueue brings centralization risk in the contract.
Lines of code Vulnerability details Impact the owner has too much unilateral control over liquidations and can manipulate te country in the following ways: The owner of LiquidationQueue sees a profitable liquidation opportunity Before anyone else can liquidate, they use LiquidationQueue to place ...
Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which smay be vulnerable to reentrancy attacks if not properly handled in the contract's logic.
Lines of code Vulnerability details Impact The impact of the reentrancy vulnerability in the incrementGaugeWeight function can be summarized as follows: Loss of Funds: Attackers can drain funds from the contract or manipulate balances. Unexpected State Changes: Manipulation of variables can lead ...
Missing store revert in case of swap error can lead to loss of funds
Lines of code Vulnerability details Impact The module is expected to have no state changes in case a swap failed, and continue to the conversion phase. It was implemented by swallowing the error with a log and continuing with the flow erc20 conversion, etc. This is the relevant code section:...
PYSEC-2023-66
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that...
CVE-2022-39374
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that...