SUSE CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
DEBIAN-CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
CVE-2024-0607 Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the dst array. On each iteration, 8 bytes are written, but dst is an array of u32, so each element only has space for 4 bytes. That...
Exploit for Cross-site Scripting in Remyandrade Math_Game
CVE-2024-24136 : Math Game Cross-Site-Scripti...
Loss of precision in calculations
Lines of code Vulnerability details The use of regular division can lead to loss of precision. This could enable certain manipulations through precision attacks. Recommendation: Use SafeMath's div for integer division. Division used in parent can lead to loss of precision. Safemath usage is...
CVE-2023-46247 Vyper has incorrect storage layout for contracts containing large arrays
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceil(type_.size_in_bytes / 32). T...
PT-2023-8447
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 10.2.0. Description: The issue is related to the incorrect management of code generation in the eval function of the ImageMath module in the Pillow library when processing the environment parameter. This can allow a remo...
convertedAmount set to zero because of bad math arithmetic
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The pool will be able to give an outputAmount corresponding to the rawInputAmount = 0 Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant...
Lack of Validation and Potential Overflow in _fetchInteractionId Function
Lines of code Vulnerability details Impact The lack of validation on interactionType could allow invalid values, potentially leading to unexpected interaction IDs. Additionally, if interactionType exceeds 8 bits, it could cause an overflow issue, potentially altering the token address within the...
Potential Gas and Overflow Issues with Decimal Shift Left in _convertDecimals Function
Lines of code Vulnerability details Impact The exponentiation operation in the decimal shift left scenario can lead to high gas consumption and potential integer overflow. The gas cost and risk of overflow increase with the value of the exponent, which could make the function expensive or even...
CVE-2023-45287
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...
Design/Logic Flaw
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...
CVE-2023-45287
Summary of CVE-2023-45287 (Go): Before Go 1.20, RSA-based TLS key exchanges used math/big (not constant time). RSA blinding was applied but may not fully prevent timing leaks after removal of PKCS#1 padding, potentially enabling recovery of session key bits. Go 1.20+ switched crypto/tls to a full...
PT-2023-29487
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.20. Description: The issue concerns the RSA-based TLS key exchanges in Go, which used the math/big library that is not constant time. Although RSA blinding was applied to prevent timing attacks, analysis suggests this may...
phpseclib vulnerable to denial of service
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f25-pfq3-c7h8. This link is maintained to preserve external references. Original Description In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial...
GHSA-JPR7-Q523-HX25 Duplicate Advisory: phpseclib vulnerable to denial of service
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f25-pfq3-c7h8. This link is maintained to preserve external references. Original Description In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial...
CVE-2023-49316
In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service...
Design/Logic Flaw
In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service...