117 matches found
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...
ISC BIND 9.0.0 < 9.16.48 / 9.9.3-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Vulnerability (cve-2023-50868)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-50868 advisory. - The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attacker...
GPU kernel implementations susceptible to memory leak
Overview General-purpose graphics processing unit GPGPU platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes. An attacker with access to GPU capabilities using a vulnerable GPU's programmable...
Unverified Primitives
Lines of code Vulnerability details Impact Interacting with unverified or malicious Ocean primitives could result in loss of funds or incorrect computations. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates...
Total supply can be incorrect in ERC20
Lines of code Vulnerability details Impact totalSupply can be initialized to something different than 0, which would lead to an inaccurate total supply, and could easily break integrations, computations of market cap, etc. Proof of Concept If the constructor is called with initialSupply = 1000, t...
Denial Of Service (DoS)
fast-string-search is vulnerable to denial of service. The vulnerability exists due to incorrect computations for non-string inputs which allows an attacker to gain read access from non-permitted locations and cause an application crash...
CVE-2022-22138 Denial of Service (DoS)
All versions of package fast-string-search are vulnerable to Denial of Service DoS when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation...
GO-2022-0166 Denial of service due to unchecked parameters in crypto/dsa
The Verify function in crypto/dsa passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go...
GO-2021-0160 Incorrect calculation affecting RSA computations in math/big
Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibl...
CVE-2021-40111
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user nee...
wrong YAXIS estimates
Handle cmichel Vulnerability details The Harvester.getEstimates contract tries to estimate a YAXIS amount but uses the wrong path and/or amount. It currently uses a WETH input amount to compute a YAXIS - WETH trade. address memory path; path0 = IStrategystrategy.want; path1 =...
USN-5061-1: Scilab vulnerabilities
It was discovered that Scilab did not properly sanitize XML inputs. An atacker could use a crafted XML file to cause a denial of service or possibly execute arbitrary code...
hw: Information disclosure issue in Intel SGX via RAPL interface
A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...
hw: Information disclosure issue in Intel SGX via RAPL interface
A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...
hw: Information disclosure issue in Intel SGX via RAPL interface
A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...
hw: Information disclosure issue in Intel SGX via RAPL interface
A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...
Updated botan2 packages fix security vulnerability
Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations base32, base58, base64, and hex CVE-2021-24115...
MGASA-2021-0329 Updated botan2 packages fix security vulnerability
Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations base32, base58, base64, and hex CVE-2021-24115...
OPENSUSE-SU-2021:0794-1 Security update for Botan
This update for Botan fixes the following issues: - CVE-2021-24115 In Botan before 2.17.3, or this backport, constant-time computations are not used for certain decoding and encoding operations boo1182670 This update was imported from the openSUSE:Leap:15.2:Update update project...