Existing checks with INT_MAX are insufficient such that the contract becomes dysfunctional after initial deployment of some large balance(s)

Lines of code Vulnerability details Impact EvolvingProteus.sol contains a variety of functions which detail the price in tokens to be paid in swaps, withdraws, and deposits. In external functions such as depositGivenInputAmount, as well as internal functions such as checkBalances, there exists a...

OracleVM 3.4 : kernel-uek (OVMSA-2023-0017)

The remote OracleVM system is missing necessary patches to address security updates: - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a local user ...

SUSE-SU-2023:3313-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' bsc1206418. - CVE-2023-0459: Fixed information leak in uaccessbeginnospec...

SUSE-SU-2023:3311-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' bsc1206418. - CVE-2023-0459: Fixed information leak in uaccessbeginnospec...

Fixed locking period of 5 years doesn't allow the delegator to withdraw funds for atleast another 5 years

Lines of code Vulnerability details Details Let's first understand how the process of delegation, withdraw and increaseAmount works 1. Rule 1: To delegate to some user A, A.lock.end needs to be longer than msg.sender.lock.end and A.Lock.end block.timestampLock mustn't be expired...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-2584)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105remove in...

Liquidator can seize more tokens than the borrower has as collateral, leading to an arithmetic underflow and locking collateral.

Lines of code Vulnerability details Impact Lack of validation on seizeTokens could allow collateral locking by underflow. Proof of Concept The liquidateBorrowFresh function does not explicitly validate that seizeTokens is less than or equal to accountTokensborrower before transferring tokens from...

User can be assigned voting power without locking tokens

Lines of code Vulnerability details Impact Using can avoid locking their tokens when adding tokens to an existing registration by calling addTokens.... Proof of Concept A malicious user can steal funds when adding tokens to an existing registration. This owing to the early return in the...

CVE-2023-3750

A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to...

AZL-27761 CVE-2023-33951 affecting package kernel for versions less than 5.15.135.1-2

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

DEBIAN-CVE-2023-33951

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

DEBIAN-CVE-2023-32257

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...

CVE-2023-32258

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...

CVE-2023-33951

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

CVE-2023-32257

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...

AZL-27762 CVE-2023-32257 affecting package kernel for versions less than 5.15.135.1-2

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...

DEBIAN-CVE-2023-32258

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...

AZL-27637 CVE-2023-33951 affecting package hyperv-daemons for versions less than 5.15.158.1-1

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

AZL-27763 CVE-2023-32258 affecting package kernel for versions less than 5.15.135.1-2

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...

UBUNTU-CVE-2023-32258

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...