212 matches found
CVE-2024-34045
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-countersININITIMSGCOUNTERProcedureCodeidE2setup-Increment...
O-RAN E2T 安全漏洞
O-RAN E2T is an application from O-RAN, Inc. A security vulnerability exists in O-RAN E2T that stems from a possible crash in the indicator increment function...
PT-2024-25663 · Unknown · O-Ran E2T I-Release
Name of the Vulnerable Software and Affected Versions: O-RAN E2T I-Release affected versions not specified Description: The issue concerns the O-RAN E2T I-Release Prometheus metric Increment function, which can crash in sctpThread.cpp. This crash occurs when the Increment function is called for...
CVE-2024-34046
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-sctpParams-e2tCountersINSUCCMSGCOUNTERProcedureCodeidRICsubscription-Increment...
CVE-2024-34045
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-countersININITIMSGCOUNTERProcedureCodeidE2setup-Increment...
CVE-2022-48632
In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbfi2csmbusstarttransaction memcpy is called in a loop while 'operation-length' upper bound is not checked and 'dataidx' also increments...
BIT-TENSORFLOW-2021-29512 Heap buffer overflow in `RaggedBinCount`
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...
GHSA-7G9J-G5JG-3VV3 Unauthenticated Nonce Increment in snow
Impact There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...
Unauthenticated Nonce Increment in snow
Impact There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...
RUSTSEC-2024-0011 Unauthenticated Nonce Increment in snow
There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...
Unauthenticated Nonce Increment in snow
There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...
PT-2025-31024 · Snow · Snow
Name of the Vulnerable Software and Affected Versions: snow crate versions prior to 0.9.5 Description: The snow crate, when using stateful TransportState, allows incrementing a nonce, potentially leading to denial of message delivery. Recommendations: Update to snow crate version 0.9.5 or later...
Overflow potential
Lines of code Vulnerability details Overflow: Be cautious about integer overflow when incrementing size. Depending on how the size variable is used in your contract, it might be beneficial to check for potential overflow conditions. requiresize typeuint256.max, "Heap size exceeds maximum"; Assess...
voteForManyWithSig functions in CultureIndex are open to replay attacks if fails.
Lines of code Vulnerability details Impact If vote fails or reverts for any reason, the nonce in verifyVoteSignature doesn't increment. This leads to the same vote tx being replayed by anyone. Proof of Concept A user submits a vote via voteForManyWithSig, triggering verifyVoteSignature for...
The protocol is susceptible to reentrancy attacks.
Lines of code Vulnerability details Reentrancy is a well know bug in smart contract and the protocol is not handling it, The safeMint function in ERC721 make a callback to the receiver checking if they can hold a nft, this can be used to a receiver to take control of the execution of the call. in...
Last token of maximum supply can be paid, but it isn't minted nor reverted.
Lines of code Vulnerability details Description collectionCirculationSupply is incremented in each mint and it's used to check if the mint don't overtakes the collection's max supply. However, it increments before the check, which makes that although last token is in the max supply range, the...
Minting nft with Index 0 is not allowed
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The constructor of the NextGenCore.sol contract includes an increment operation for the newCollectionIndex variable, ensuring that the newCollectionIndex start from 1. While adding or modifying addition...
kernel: tcp: tcp_make_synack() can be called from process context
In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6415-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6415-1 advisory. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow...
GHSA-J494-7X2V-VVVP mx-chain-go's relayed transactions always increment nonce
Impact When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag RelayedNonceFixEnableEpoch was...