406 matches found
DEBIAN-CVE-2021-47095
In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssif_info->client early. During probe ssif_info->client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error pat...
UBUNTU-CVE-2021-47095
In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssif_info->client early. During probe ssif_info->client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error pat...
CVE-2021-46932 Input: appletouch - initialize work before device registration
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration. Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close...
CVE-2023-31346
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...
PT-2024-7291 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to insufficient input validation in the ad4130 component of the Linux kernel. This can cause problems when trying to expose the internal clock on the CLK pin due t...
Use contracts-upgradeable instead of contract variants of OpenZeppelin
Lines of code Vulnerability details Impact OpenZeppelin’s contracts variants when used with upgradeability will result in negative impact on the overall contract functionality. Check this OpenZeppelin warning about mixing contract variants with upgradeable-contract. Proof of Concept Upgradeable...
In the _initialize function of the ETHCrowdfundBase contract, when minTotalContributions is equal to maxTotalContributions, crowdfund will never reach its minimum goal in some specific scenarios
Lines of code Vulnerability details Impact In the initialize function of the ETHCrowdfundBase contract, when minTotalContributions is equal to maxTotalContributions, crowdfund will never reach its minimum goal in some specific scenarios. The ETH of users who contribute to this crowdfund will be...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview rmagick is an interface between Ruby and ImageMagick. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the DrawOptions_initialize function in rmdraw.c. An attacker can cause a denial of service by exhausting memory resource...
OSV-2023-893 Heap-buffer-overflow in initialize_encryption_key
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62542 Crash type: Heap-buffer-overflow READ Crash state: initialize_encryption_key cli_ole2_extract cli_scanole2...
DOS the system by frontrunning the initialize function
Lines of code Vulnerability details Impact LivepeerGovernor and Treasury are vulnerable to DOS. Proof of Concept The initialize function present in these two contracts is not called just after their construction. Which is confirmed in the contract LivepeerGovernorUpgradeMock.sol while initializin...
CVE-2023-30681
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write...
Input validation
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write...
Missing __Governor_init() call in SecurityCouncilMemberRemovalGovernor's initialize() function
Lines of code Vulnerability details Bug Description The SecurityCouncilMemberRemovalGovernor contract inherits Openzeppelin's GovernorUpgradeable: SecurityCouncilMemberRemovalGovernor.solL17-L19 contract SecurityCouncilMemberRemovalGovernor is Initializable, GovernorUpgradeable, However, in its...
_scheduleUpdate() should be called during initializing the SecurityCouncilManager
Lines of code Vulnerability details Impact Updates will not be scheduled through timelocks and target upgrade executors by the scheduleUpdate call. Initial set of cohort members will not be scheduled. Proof of Concept In SecurityCouncilManager whenever a new member is added, or removed or swapped...
OSV-2023-567 Stack-buffer-overflow in initialize_encryption_key
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60563 Crash type: Stack-buffer-overflow READ Crash state: initialize_encryption_key cli_ole2_extract cli_scanole2...
OSV-2023-538 Heap-buffer-overflow in Gfx::BooleanDecoder::initialize
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60262 Crash type: Heap-buffer-overflow READ 7 Crash state: Gfx::BooleanDecoder::initialize Video::VP9::FrameContext::create_range_decoder Video::VP9::Parser::compressed_header...
accountsMap[ADMIN] not set in initialize function of StaderConfig contract
Lines of code Vulnerability details Impact When initializing the StaderConfig contract with the initialize function, the admin address is not set in accountsMap[ADMIN] variable, so the getAdmin function will return address(0). This will cause the loss of the ownership of the VaultProxy contract as it...
The admin address used in initialize function, can behave maliciously
Lines of code Vulnerability details N.B.: This bug is different than the other one titled "Risk of losing admin access if updateAdmin set with same current admin address". Both issues are related to access control, but the impact, root cause and bug fix are different, so DO NOT mark it as dupliat...
CVE-2023-23298
The Toybox.Graphics.BufferedBitmap.initialize API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters...
CVE-2023-23300
The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...