635 matches found
PT-2025-25885 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the openvswitch component. The issue occurs when the ovs dp cmd new function fails during datapath creation...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67111)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized creation, deletion, or modification access to critical data or all MySQL Server-accessible data, as well as cau...
SUSE CVE-2018-1000155
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID DataPath IDentifier in the featuresreply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network...
SUSE CVE-2020-3350
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...
SUSE CVE-2021-29962
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...
Exploit for Race Condition in Apple Ipados
CVE-2022-42864: Diabolical Cookies What is this repo? This...
A Secure User Authentication Method – Planning is More Important than Ever
When considering authentication providers, many organizations consider the ease of configuration, ubiquity of usage, and technical stability. Organizations cannot always be judged on those metrics alone. There is an increasing need to evaluate company ownership, policies and the stability, or...
Existential Risk and the Fermi Paradox
We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hackers Mind coming in February 2023, I write: Our societal systems, in general, may have grown fairer and more...
kernel: bpf, cpumap: Handle skb as well when clean up ptr_ring
An incorrect object type handling flaw was found in the Linux kernel's BPF cpumap implementation in the cleanup path. A local user can trigger this issue by running XDP redirect operations in SKB mode with the cpumap, causing the cleanup code to incorrectly treat socket buffers as XDP frames when...
kernel: scsi: lpfc: Fix call trace observed during I/O with CMF enabled
A vulnerability has been identified in the lpfc module within the Linux kernel. This flaw occurs because the driver attempts to access per-CPU data from a preemptible context using an incorrect function. This improper handling of critical data can lead to system instability and result in a...
kernel: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()
A vulnerability was found in the Linux kernel's ethtool implementation in the ioctl handling of coalesce settings, where the system attempts to change coalesce settings using the ethtoolsetcoalesce function without verifying the availability of both the .getcoalesce and .setcoalesce callbacks,...
kernel: scsi: lpfc: Fix call trace observed during I/O with CMF enabled
A vulnerability has been identified in the lpfc module within the Linux kernel. This flaw occurs because the driver attempts to access per-CPU data from a preemptible context using an incorrect function. This improper handling of critical data can lead to system instability and result in a...
Mozilla: Denial of Service via window.print
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a website called window.print causing a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings...
CVE-2022-31486
An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...
ALPINE-CVE-2022-26358
IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...
Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection DoS (cisco-sa-nxos-bfd-dos-wGQXrzxn)
According to its self-reported version, Cisco NX-OS Software for Cisco Nexus 9000 Series Switches is affected by a denial of service vulnerability. The vulnerability exists in the rate limiter for Bidirectional Forwarding Detection BFD traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series...
Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP over an Ethernet Virtual Private Network EVPN for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service DoS condition, or potentially corrupt the BGP routing table,...
Checks missing while adding rewards
Handle csanuragjain Vulnerability details Impact Reward amount higher than contract reward balance can bring instability in the contract Proof of Concept 1. In FarmingPools.sol contract check notifyRewardAmounts function 2. Observe there is no check to see if added reward is higher than contract...
Duplicate Collateral could cause financial instability
Handle csanuragjain Vulnerability details Impact Duplicate collaterals can be added which makes getValidCollateral return duplicate items. This impacts all function which uses getValidCollateral function like getPendingCollRewards, which will now calculate the pending reward twice for the duplica...
Unwhitelisted token can cause disaster
Handle csanuragjain Vulnerability details Impact Contract instability and financial loss. This will happen if one of the allowed contract calls sendCollaterals with non whitelisted token may happen with user input on allowed contract Proof of Concept 1. Navigate to contract at 2. Assume...