SUSE CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different...

SUSE CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted extension...

SUSE CVE-2016-1662

extensions/renderer/gccallback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via unknown vectors...

SUSE CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

SUSE CVE-2016-5253

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link...

SUSE CVE-2016-7912

Use-after-free vulnerability in the ffsusercopyworker function in drivers/usb/gadget/function/ffs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...

SUSE CVE-2016-8863

Heap-based buffer overflow in the createurllist function in gena/genadevice.c in Portable UPnP SDK aka libupnp before 1.6.21 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an...

SUSE CVE-2017-8071

drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service deadlock via unspecified vectors...

SUSE CVE-2017-8301

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSLgetverifyresult is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx...

SUSE CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

SUSE CVE-2018-14678

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xenfailsafecallback entry point in arch/x86/entry/entry64.S does not properly maintain RBX, which allows local users to cause a denial of service uninitialized memory usage and system crash. Within Xen...

SUSE CVE-2018-20449

The hidmachanstats function in drivers/dma/qcom/hidmadbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file...

SUSE CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag nolog set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data...

SUSE CVE-2021-3588

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...

SUSE CVE-2022-3697

A flaw was found in Ansible in the amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...

SUSE CVE-2022-32221

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

claimRewards is not re-entrancy safe.

Lines of code Vulnerability details Impact In MultiRewardStaking the function claimRewards doesn’t have nonReentrant which makes it possible to re-enter the function. If one of the reward tokens in ERC-777 token, it is possible to re-enter and claim the reward again and again until the contract i...

[H-01] Reentrancy attack is possible when using ERC777 tokens in DripsHub

Lines of code Vulnerability details H-01 Reentrancy attack is possible when using ERC777 tokens in DripsHub Impact: Some ERC20 tokens implement the EIP 777 interface including the tokensToSend hook, which performs a callback to the user from which tokens will be transferred before the tokens are...

The LendgineRouter.burn() will always REVERT due to the callback function forgot to send the due token0 back.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The LendgineRouter.burn will always REVERT due to the callback function forgot to send the due token0 back. The callback function pairMintCallback is supposed to send back amount0 amount of token0 back ...

Debian DSA-5330-1 : curl - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5330 advisory. Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure. F...