SUSE CVE-2009-0579

Linux-PAM before 1.0.4 does not enforce the minimum password age MINDAYS as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...

SUSE CVE-2014-9657

The ttfaceloadhdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted TrueType font...

SUSE CVE-2015-2325

The compilebranch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service out-of-bounds heap read and crash, or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large...

SUSE CVE-2021-44648

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12...

SUSE CVE-2022-36086

linkedlistallocator is an allocator usable for nostd systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because...

First depositor can break minting of shares

Lines of code Vulnerability details Vulnerability details The calculation of exchange rate for shares in Popcorn Vault is done by dividing the total supply of shares by the totalAssets of the vault. The first depositor can mint a very small number of shares, then donate to the vault to manipulate...

Mitigation of M-03: See comments

Lines of code Vulnerability details The PR does not follow the recommended mitigation from the finding, and instead still allows under-priced bids to be added if the total value being added is at least a multiple of the minimum reserve price. Impact If, for example, the reserve price is 10 Eth,...

Upgraded Q -> M from #55 [1674745091248]

Judge has assessed an item in Issue 55 as M risk. The relevant finding follows: minimum deposit amount for tokens with non standart decimals value are too high. 0.1 can be quite a lot for tokens with small totalAmount, so this requirement can become too restrictive. For example, WBTC token have 8...

Inconsistent min deposit

Lines of code Vulnerability details Impact The first transfer in a vault that is based on ERC4626Cloned produces different results depending on whether it is done via deposit or via mint. While first deposit produces a number of shares that is 1:1 with the asset, in the case of mint, the results...

Users that send funds at a price lower than the current low bid have the funds locked

Lines of code Vulnerability details If a user contributes funds after there is no more supply left, and they don't provide a price higher than the current minimum bid, they will be unable to withdraw their funds while the NFT remains unbought. Impact Ether becomes stuck until and unless the NFT i...

in add function forgot to add not zero for minimum lp

Lines of code Vulnerability details Impact problems in the calculation of the system Proof of Concept requirebaseTokenAmount 0 && fractionalTokenAmount 0, "Input token amount is zero"; Tools Used manually Recommended Mitigation Steps add checks like basetoken --- The text was updated successfully...

Realtek HD Audio Driver December 2022 Security Update

HP has been informed of a potential security vulnerability identified in some Realtek® High-Definition Audio Windows drivers which might allow denial of service system crash. Realtek has released updated drivers to mitigate the potential vulnerability. Realtek released updates to mitigate the...

HP PC BIOS December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in the BIOS for certain HP PC products which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has identifi...

Irrelevant error message from PrePOMarket.redeem() worries users

Lines of code Vulnerability details Impact Users may receive error messages fee = 0 whenever making a redemption from PrePOMarket contract if the redemption amout is not enough. The error message is irrelevant to users. It's related to the protocol processing the redemption. If a user receives...

SUSE SLED15 / SLES15 Security Update : python-cryptography, python-cryptography-vectors (SUSE-SU-2022:4044-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4044-1 advisory. - A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a...

Upgraded Q -> M from #336 [1668467652322]

Judge has assessed an item in Issue 336 as M risk. The relevant finding follows: L-1: Volatility accumulator can be be prevented from decaying by way of dust transactions There is no required minimum swap amount for updating the volatility accumulated. The fp.time is always updated during a swap...

kernel: scsi: scsi_debug: Fix type in min_t to avoid stack OOB

A vulnerability was found in the Linux kernel's SCSI driver, in sgcopybuffer function, where an incorrect type in the mint macro can lead to a stack out-of-bounds condition. This occurs due to sign extension of larger values, which may result in memory corruption or DoS...

Arbitrage Opportunity for Non-Sellers

Lines of code Vulnerability details Impact Non-sellers can flood the system with arbitrage auctions. Proof of Concept The seller can wait until 1 instant minute? before the end of the auction. Now the seller places a bid a couple percent above the current market price, enough to cover the seller'...

phpMyFAQ contains Weak Password Requirements

phpMyFAQ prior to version 3.1.8 has Weak Password Requirements. Version 3.1.8 introduces an eight-character minimum password length...

GHSA-2RR3-RV49-P42F phpMyFAQ contains Weak Password Requirements

phpMyFAQ prior to version 3.1.8 has Weak Password Requirements. Version 3.1.8 introduces an eight-character minimum password length...