18 matches found
SUSE CVE-2026-1229
The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...
EUVD-2022-49211
Malicious code in bioql PyPI...
CVE-2022-46402
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 accepts PairConrmSend with incorrect values...
Improper Input Validation
vyper is vulnerable to Improper Input Validation. The vulnerability is caused by improper handling of memory or storage arguments in the raw_log builtin, which results in incorrect values being logged when these arguments are used as topics...
GHSA-XCHQ-W5R3-4WG3 vyper performs incorrect topic logging in raw_log
Summary: Incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log were found at all in production; it is apparently not ...
vyper performs incorrect topic logging in raw_log
Summary: Incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log were found at all in production; it is apparently not ...
CVE-2024-32645 vyper performs incorrect topic logging in raw_log
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...
CVE-2024-32645
Vyper (Pythonic smart contract language for the EVM) is affected by CVE-2024-32645 in versions 0.3.10 and earlier. The root cause is in the RawLog.build_IR path: it fails to unwrap variables provided as topics, causing incorrect values to be logged as topics. As of publication, no fixed version i...
The GovernorSettings are set to incorrect values
Lines of code Vulnerability details When ODGovernor is deployed the GovernorSettings is initialized with the initialVotingDelay, initialVotingPeriod and initialProposalThreshold. The problem is that the initialVotingDelay and initialVotingPeriod are set to incorrect values which are really small...
Mozilla Firefox and Firefox ESR Denial of Service Vulnerability (CNVD-2023-68212)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A denial of service vulnerability exists in Mozilla Firefox and Mozilla Firefox ESR that stems from incorrect values used during WASM compilation. An attacker c...
CVE-2022-40538
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network...
CVE-2022-40538 Reachable assertion in Modem
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network...
CVE-2022-40538
CVE-2022-40538: A transient DoS due to a reachable assertion in the modem while processing a System Information Block (SIB) with incorrect values from the network. Documented as affecting Qualcomm chipsets/modem and exposed over a network (no user interaction). CVSSv3.1 base score 7.5 (HIGH): Net...
PT-2023-13822 · Qualcomm · Snapdragon +15
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient Denial of Service (DoS) that occurs due to a reachable assertion in the modem. This happens when the modem processes a...
CVE-2022-46402
The Microchip RN4870 module firmware 1.43 and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112 accepts PairConrmSend with incorrect values...
CVE-2022-31169
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...
CVE-2022-31104
Wasmtime is a standalone runtime for WebAssembly. In affected versions, Wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the SIMD proposal is not affected. The bu...
Design/Logic Flaw
DISPUTED In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is...