63 matches found
CVE-2023-53336 media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings
In the Linux kernel, the following vulnerability has been resolved: media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings When ipubridgeparserotation and ipubridgeparseorientation run sensor-adev is not set yet. So if either of the devwarn calls about unknown values are hit this...
The vulnerability of Microprogramming Software in Control Boards is related to the presence of vulnerabilities in the borrowed components. This allows attackers to compromise the confidentiality and accessibility of the protected information.
The vulnerability of Microprogramming Software in the Wiren Board controller is related to the presence of vulnerabilities in the borrowed components. Exploiting these vulnerabilities can allow a malicious actor, operating remotely, to compromise the confidentiality and accessibility of the...
The vulnerability of the software products of the LLC “NPO “MIR” is related to the presence of vulnerabilities in the borrowed components. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the software products developed by LLC “NPO ‘MIR’ is related to the presence of vulnerabilities in the borrowed components. Exploiting these vulnerabilities could allow attackers who operate remotely to compromise the confidentiality, integrity, and accessibility of the...
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does itself not have ownership of the value. At any point the last strong reference could be cleared and the borrowed value would become dangling. In PyO3 0.22.4...
GHSA-F8X4-F32R-W556 Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6jgw-rgmm-7cv6. This link is maintained to preserve external references. Original Advisory The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the we...
PT-2024-40267 · Pypi · Pyo3
Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.23 Description: The issue concerns a family of functions in PyO3 that read "borrowed" values from Python weak references. These functions were fundamentally unsound because the weak reference does not have ownership o...
Risk of use-after-free in `borrowed` reads from Python weak references
The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does itself not have ownership of the value. At any point the last strong reference could be cleared and the borrowed value would become dangling. In PyO3 0.22.4...
PT-2024-41067 · Ооо 'Нпо Мир' · Scada Мир +4
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to a vulnerability in a borrowed component of the software products. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and...
CVE-2024-3363 SourceCodester Online Library System index.php sql injection
A vulnerability was found in SourceCodester Online Library System 1.0. It has been classified as critical. This affects an unknown part of the file admin/borrowed/index.php. The manipulation of the argument BookPublisher/BookTitle leads to sql injection. It is possible to initiate the attack...
PT-2024-25389 · Unknown · Sourcecodester Online Library System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Library System version 1.0 Description: A critical issue has been found in the SourceCodester Online Library System. This issue affects an unknown part of the file admin/borrowed/index.php. The manipulation of the...
Online Library System SQL注入漏洞
Online Library System is an open source online library system. A SQL injection vulnerability exists in SourceCodester Online Library System version 1.0, which originates from a SQL injection vulnerability in the BookPublisher/BookTitle parameter of the admin/borrowed/index.php file...
Increase liquidity in close position may not cover original borrowed liquidity
Lines of code Vulnerability details Summary When a position is closed, there is no check to ensure that the effective added liquidity covers the original borrowed liquidity from the LP. Impact Closing a position in the Particle LAMM protocol must ensure that the borrowed liquidity gets fully adde...
THERE IS NO FUNCTIONALITY TO LIQUIDATE THE DEPRECATED MTOKEN MARKETS
Lines of code Vulnerability details Impact The Mtoken markets configured for the respective collateral asset types can get deprecated due to various reasons associated with those assets. There should be functionality in the Comptroller.liquidateBorrowAllowed function to liquidate all the borrows ...
DOLA can be borrowed without owning any DBR
Lines of code Vulnerability details Impact Although states that "one DBR token gives the right to borrow one DOLA for one year", and states that "a DOLA Fed mints DOLA to a market, which is then available to borrow for users holding DBR, using the Borrow function", users who do not own any DBR ar...
borrow must accrueInterest first
Handle cmichel Vulnerability details The UToken.borrow function first checks the borrowed balance and the old credit limit before accruing the actual interest on the market: // @audit this uses the old value requireborrowBalanceViewmsg.sender + amount + fee = amount + fee, "UToken: The loan amoun...
rust: optimization for joining strings can cause uninitialized bytes to be exposed
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...
In the standard library in Rust before 1.52.0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
...
CVE-2020-36323
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...
CVE-2020-36323
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...
DEBIAN-CVE-2020-36323
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...