4 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-35905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection...
MinipoolManager: node operator can avoid being slashed
Lines of code. Vulnerability details. Impact: When staking is done, a Rialto multisig calls MinipoolManager.recordStakingEnd. If the avaxTotalRewardAmt has the value zero, the MinipoolManager will slash the node operator's GGP. The issue is that the amount to slash can be greater than the GGP balan...
GSD-2022-1002511 mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Impact: An open redirect vulnerability has been found in oauth2_proxy. Anyone who uses oauth2_proxy may potentially be impacted. For context, Detectify has an in-depth blog post about the potential impact of an open redirect. Particularly see the OAuth section. tl;dr: People's authentication token...