SUSE CVE-2021-2058

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

CVE-2023-41997

This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data...

CVE-2023-40445

The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock...

at _modifyCollateralBalance when locking and generating debt your wad is going to be negative number but at the token Collateral mapping should not have any negative numbers

Lines of code Vulnerability details Impact the protocol will not work, all functions will not work Proof of Concept you cannot set negative number to uint256 Tools Used manual Recommended Mitigation Steps change the mapping to : mappingbytes32 cType = mappingaddress safe = int256 wad public...

Price inflation by locking CVX on behalf of VotiumStrategy

Lines of code Vulnerability details Impact The price of vAfEth can be inflated with severe rounding errors as a result. Proof of Concept In VotiumStrategy the price of vAfEth is calculated by function cvxInSystem public view returns uint256 uint256 total = ILockedCvxVLCVXADDRESS.lockedBalanceOf...

CVE-2023-3781

there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Design/Logic Flaw

there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-3781

there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-3781

there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2023-26124 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a possible use-after-free write due to improper locking, which could lead to local escalation of privilege with no additional...

Google Pixel Security Breach

Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a security vulnerability that stems from incorrect locking of kernel components, which may appear to use write after release. This may result in local privilege escalation without additional execute...

Microsoft Windows DirectX GpuMmu Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of GP...

LSN-0098-1: Kernel Live Patch Security Notice

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code.CVE-2023-3090 It...

users funds will be stuck in the BaseBranchRouter when making deposit

Lines of code Vulnerability details Impact Users are debited twice the intended amount of every underlying token deposit made at the branch port while locking deposits into the branch port. The first deposit is transferred into the BaseBranchRouter and the second into the BranchPort. The funds...

PT-2023-9460 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to incorrect locking of resources in the llcp component of the Linux kernel. This could allow an attacker to cause a denial of service. The device list needs its...

CVE-2023-32824

In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961...

Double free

In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961...

CVE-2023-32824

In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961...

MediaTek Chip Resource Management Error Vulnerability

MediaTek chips are a variety of chips from MediaTek, a company owned by MediaTek of China. A resource management error vulnerability exists in the MediaTek chips, which stems from an improper locking of the rpmb module, which may result in a double release...

PT-2023-24055 · Rpmb · Rpmb

Name of the Vulnerable Software and Affected Versions: rpmb affected versions not specified Description: The issue is related to a possible double free due to improper locking in rpmb, which could lead to local escalation of privilege. System execution privileges are needed for exploitation, and...