Possible DOS in lendToProject() and toggleLendingNeeded() function because unbounded loop can run out of gas

Lines of code Vulnerability details Impact In Project contract, the lendToProject function might not be available to be called if there are a lot of Task in tasks list of project. It means that the project cannot be funded by either builder or community owner. This can happen because lendToProjec...

The vulnerability of the BN_mod_sqrt() function in the OpenSSL library, which allows a hacker to cause a denial-of-service attack

The vulnerability of the BNmodsqrt function in the OpenSSL library is related to the execution of a loop without sufficient restrictions on its execution count. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

Unbounded loop on array that can only grow can lead to DoS

Handle robee Vulnerability details A malicious attacker that is also a protocol owner can push unlimitedly to an array, that some function loop over this array. If increasing the array size enough, calling the function that does a loop over the array will always revert since there is a gas limit...

Unbounded loop on array controlled by owner can lead to DoS

Handle robee Vulnerability details A malicious attacker that is also a protocol owner can push unlimitedly to an array, that some function loop over this array. If increasing the array size enough, calling the function that does a loop over the array will always revert since there is a gas limit...

Unbounded loop in TwapOracle.update can result in oracle being locked

Handle TomFrench Vulnerability details Impact Loss of ability of TwapOracle to update should too many pools be added. Proof of Concept TwapOracle allows an unlimited number of pairs to be added and has no way of removing pairs after the fact. At the same time TwapOracle.update iterates through al...

Unbounded loop in _removeNft could lead to a griefing/DOS attack

Handle shw Vulnerability details Impact Griefing/DOS attack is possible when a malicious NFT contract sends many NFTs to the vault, which could cause excessive gas consumed and even transactions reverted when other users are trying to unlock or transfer NFTs. Proof of Concept 1. The function...

The vulnerability of the mp4ff_read_stco function in software for working with audio files, found in the Freeware Advanced Audio Decoder 2 (FAAD2) software, allows a hacker to trigger a service denial.

The vulnerability of the mp4ffreadstco function in software for working with audio files, found in the Freeware Advanced Audio Decoder 2 FAAD2, relates to the execution of a loop without sufficient restrictions on its execution count. Exploiting this vulnerability could allow an attacker to cause...

Denial Of Service (DoS)

Binutils is vulnerable to denial of service DoS attacks. The vulnerability exists in the bfdXXbfdcopyprivatebfddatacommon function in peXXigen.c in the Binary File Descriptor BFD library. An unbounded loop in this function may result in an unwritable memory space by increasing the value of the ed...

Fedora 28 : xen (2018-a7ac26523d)

x86: mishandling of debug exceptions XSA-260, CVE-2018-8897 x86 vHPET interrupt injection errors XSA-261 1576089 qemu may drive Xen into unbounded loop XSA-262 ---- update to xen-4.10.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora updat...

SUSE-SU-2018:3230-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 XSA-260, bsc1090820 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

openSUSE: Security Advisory for xen (openSUSE-SU-2018:1487-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLES12 Security Update : xen (SUSE-SU-2018:1216-1) (Meltdown)

This update for xen fixes several issues. These security issues were fixed : - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 XSA-260, bsc1090820 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

SUSE SLES11 Security Update : xen (SUSE-SU-2018:1203-1) (Meltdown)

This update for xen fixes several issues. These security issues were fixed : - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 XSA-260, bsc1090820 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

SUSE SLES12 Security Update : xen (SUSE-SU-2018:1177-1) (Meltdown)

This update for xen fixes several issues. These security issues were fixed : - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 XSA-260, bsc1090820 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

SUSE SLES11 Security Update : xen (SUSE-SU-2018:1181-1) (Meltdown)

This update for xen fixes several issues. These security issues were fixed : - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 XSA-260, bsc1090820 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

qemu may drive Xen into unbounded loop

ISSUE DESCRIPTION When Xen sends requests to a device model, the next expected action inside Xen is tracked using a state field. The requests themselves are placed in a memory page shared with the device model, so that the device model can communicate to Xen its progress on the request. The state...

xen: request-processing loop is unbounded in blkback

The doblockioop function in 1 drivers/xen/blkback/blkback.c and 2 drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service infinite loop and CPU consumption via a large production request index to...