169 matches found
Out-of-Bounds Write
libopenbabel.so is vulnerable to Out-of-Bounds Write. The vulnerability exists in the CSR format in the WriteMolecule function of CSRformat.cpp, which allows an attacker to inject and execute malicious code, by providing a maliciously crafted file...
CVE-2022-41793
An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-41793
An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-41793
An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
Open Babel CSR format title out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1667 Open Babel CSR format title out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-41793 SUMMARY An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially...
PT-2023-4402
Name of the Vulnerable Software and Affected Versions Open Babel versions 3.1.1 through master commit 530dbfa3 Description An out-of-bounds write issue exists in the CSR format title functionality. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a...
SUSE CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...
GSD-2023-1000217 Bluetooth: Fix crash when replugging CSR fake controllers
Bluetooth: Fix crash when replugging CSR fake controllers This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.159 by commit...
PT-2023-33120 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.13 Description: A potential issue exists where replugging CSR fake controllers could cause a crash. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2024-11847 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a crash when replugging CSR fake controllers in the Linux kernel's Bluetooth component. It seems that fake CSR 5.0 clones can cause the suspend notifier to be...
PostTxProcessing can revert user transactions not interacting with Turnstile
Lines of code Vulnerability details Impact Any transaction, even those that don't interact with the Turnstile contract, can be reverted by the PostTxProcessing hook if there was a CSR specific error. Thus, the CSR module can impair the behavior of smart contracts not related to the module. Proof ...
evm_hooks ignores some important errors
Lines of code Vulnerability details Impact Some contracts and some Turnstile tokens nfts wll not be able to receive CSR fees forever. Proof of Concept In evmhooks.go, the PostTxProcessing will call h.processEventsctx, receipt to handle Register and Assign events from Turnstile contract first:...
Incorrect revenue calculation will lead to revenue theft through proxy attacks
Lines of code Vulnerability details Impact The incorrect way revenue is calculated can lead to CSR being stolen through proxy attacks, which is likely to lead the ecology into CSR bribery war. Eventually, this feature will translate into reduced gas fees for all transactions, regardless of whethe...
Akamai Aids India Through Corporate Social Responsibility Partnerships
Akamai’s Corporate Social Responsibility Trust partners with nonprofit organizations to help enhance the lives of people across India...
Authentication Bypass
github.com/hashicorp/consul is vulnerable to authentication bypass. The vulnerability exists in autoconfigendpoint.go and leaderconnectca.go because the URI length checks are not added to CSR requests which allows an attacker to designate multiple SAN URI values in a call to the endpoint...
CVE-2022-40716
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...
Design/Logic Flaw
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...
CVE-2022-40716
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...
CVE-2022-34831
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...
CVE-2022-34831
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...