75 matches found
USN-6627-1: libde265 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a...
USN-6627-1: libde265 vulnerabilities
It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. CVE-2021-35452, CVE-2021-36411, CVE-2022-43238, CVE-2022-43241,...
Ocean.doMultipleInteractions() cannot wrap ether
Lines of code Vulnerability details Bug Description doMultipleInteractions in Ocean.sol attempts to wrap ether but reverts due to a logical error. The internal helper function, doMultipleInteractions, includes the following: if msg.value != 0 balanceDeltas.increaseBalanceDeltaWRAPPEDETHERID,...
GHSA-8C37-7QX3-4C4P Blst has logical error in SigValidate in Go bindings
Impact Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...
Blst has logical error in SigValidate in Go bindings
Impact Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...
Cisco IOS XE Software 安全漏洞
Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from a logic...
Privilege Escalation
tor:sid is vulnerable to privilege escalation. A logical error allows unsafe SOCKS4 protocol to be used but not the safe SOCKS4a protocol leading to unsafe traffic being allowed to pass...
Core functionality is not working due to revert in _verifyCreatorOrOwner()
Lines of code Vulnerability details Impact It is not possible to pause/unpause vaults and adaptors nor add staking reward tokens since the verifyCreatorOrOwner function reverts due to a logical error. Proof of Concept The following logic is used to determine if msg.sender is a creator or owner of...
ROS-20221222-02
A vulnerability in the cURL command-line utility is related to a bounds error in parsing the .netrc file. Exploitation vulnerability could allow an attacker acting remotely to transfer a specially crafted file, cause a stack-based buffer overflow, and perform a denial of service DoS attack The cU...
Google TensorFlow code issue vulnerability (CNVD-2022-80685)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from a logical error in the organization of data, where the conversion from char to bool is undefined if the const char array is not 0...
Logical error in function getSwapOut
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is a logical error between lines 178-184 for function getSwapOut in contract LBRouter if amountIn != 0 activeId = LBPair.findFirstNonEmptyBinIduint24activeId, swapForY; else break; // end while if...
Cisco IOS XE Wireless Controller software denial of service vulnerability
A denial of service vulnerability exists in Cisco IOS XE Wireless Controller Software, a wireless LAN controller from Cisco, which stems from a logical error in the handling of CAPWAP Mobility The vulnerability is caused by a logic error and mismanagement of resources when handling CAPWAP Mobilit...
EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2022-2041)
According to the versions of the util-linux package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an...
CVE-2022-0618
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSHPROMISE frame where the frame contains padding information...
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...
CVE-2022-24666
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS fram...
Design/Logic Flaw
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS fram...
ROS-20220125-02
Nginx web server vulnerability is related to a logical error in TLS implementation when working with different protocols but using compatible certificates, such as multi-domain or wildcard certificates. certificates. Exploitation of the vulnerability could allow an attacker acting remotely to...
The vulnerability of Mac OS operating systems, related to logical errors, allows attackers to circumvent security restrictions.
The vulnerability of Mac OS operating systems arises due to a logical error in the implementation of system configuration settings. Exploiting this vulnerability allows an attacker to bypass security restrictions remotely...
The vulnerability in the processing of IPv6 traffic by the Cisco IOS XE operating system allows a attacker to trigger a service failure.
The vulnerability of Cisco IOS XE operating system’s IPv6 traffic processing is related to a logical error in the processing of certain local IPv6 traffic. Exploiting this vulnerability can allow attackers to cause service failures...