Lucene search
K

264 matches found

RedHat Linux
RedHat Linux
added 2024/01/23 5:33 p.m.1 views

kernel: netfilter: potential slab-out-of-bound access due to integer underflow

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

7.8CVSS6.8AI score0.00514EPSS
Exploits1References5
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.15 views

Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios

Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.11 views

Decimals of LendingPool don't take into account the offset introduced by VIRTUAL_SHARES

Lines of code Vulnerability details Impact The impact of this finding is more on the marketing/data fetching side, on exchanges it would appear that the shares are worth less VIRTUALSHARES than the underlying token. Given that it would influence the perception of the value of the shares token,...

7AI score
Exploits0
OSV
OSV
added 2023/12/13 8:15 p.m.4 views

PYSEC-2023-307

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceiltype.sizeinbytes / 32. T...

7.5CVSS7.1AI score0.00692EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.15 views

Upgraded Q -> 2 from #677 [1702060237936]

Judge has assessed an item in Issue 677 as 2 risk. The relevant finding follows: L-04 Deposited amounts in the EigenLayer strategy should be checked before updating the strategy for the asset Users deposit in this protocol and the protocol deposits these funds to EigenLayer strategy contracts...

7AI score
Exploits0
Hacker One
Hacker One
added 2023/12/04 3:30 a.m.79 views

Ruby: DoS in bigdecimal's sqrt function due to miscalculation of loop iterations

Vulnerability description not provided...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/28 3:40 p.m.2 views

kernel: netfilter: potential slab-out-of-bound access due to integer underflow

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

7.8CVSS6.8AI score0.00514EPSS
Exploits1References5
OSV
OSV
added 2023/11/28 2:15 p.m.4 views

CVE-2023-6239

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object...

8.8CVSS5.8AI score0.00568EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/11/21 11:20 a.m.4 views

kernel: netfilter: potential slab-out-of-bound access due to integer underflow

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

7.8CVSS6.8AI score0.00514EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.21 views

LinearBondingCurve.log2 function contains an incorrect shift operation that could lead to wrong calculation.

Lines of code Vulnerability details Impact The values in the shift operation are reversed. The provided inline assembly code for the log2 function appears to be an issue in the sequence of shift operations. Let's break down the relevant part of the code: r := or r, byte and0x1f, shrshrr, x,...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.10 views

Malicious first depositor can steal all funds from all future depositors

Lines of code Vulnerability details Impact Due to a miscalculation in LRTOraclegetRSETHPrice, users who call LRTDepositPooldepositAsset when rsETH.totalSupply is non-zero will receive fewer rsETH tokens than they should due to a rounding error. This can be exploited by a malicious first depositor...

7AI score
Exploits0
OSV
OSV
added 2023/10/13 11:6 a.m.5 views

OESA-2023-1730 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily...

7.8CVSS6.5AI score0.00514EPSS
Exploits1References2
Veracode
Veracode
added 2023/10/12 7:21 a.m.32 views

Denial Of Service (DoS) Through Infinite Loop

libX11.so is vulnerable to Denial of Service DoS. The vulnerability is due to incorrect calculation of SubImageWidth in the PutSubImage function when communicating with an X server which creates oversized requests. This miscalculation triggers an infinite loop, potentially leading to a Denial of...

5.5CVSS6.7AI score0.00461EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2023/09/25 9:15 p.m.19 views

CVE-2023-42753

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

7.8CVSS7.4AI score0.00514EPSS
Exploits1References32
OSV
OSV
added 2023/09/25 9:15 p.m.2 views

DEBIAN-CVE-2023-42753

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

7.8CVSS6.4AI score0.00514EPSS
Exploits1References1
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.7 views

Total stake will be incorrectly reduced if the transcoder was already deactivated.

Lines of code Vulnerability details Impact This will result in the total active stake being incorrectly calculated in future rounds. Some transcoders may get more or less rewards than they should. Proof of Concept The key functions involved are: slashTranscoder - Called to slash a transcoder...

6.7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/09/02 1:54 a.m.2 views

SUSE CVE-2023-40574

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the writePixelBGRX function. This issue is likely down to incorrect calculations of the nHeight and srcStep variables. This issue has...

6.5CVSS6.8AI score0.01027EPSS
Exploits1References5
OSV
OSV
added 2023/08/07 4:15 a.m.5 views

CVE-2023-20798

In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076...

4.4CVSS6.1AI score0.00088EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.14 views

IF THE UNDERLYING ASSET IS A FEE ON TRANSFER TOKEN IT COULD BREAK THE INTERNAL ACCOUNTING OF THE VAULT

Lines of code Vulnerability details Impact The Vault.deposit function is used by the users to deposit assets to the vault and mint vault shares to the recipient address. The amount of assets are transferred to the Vault as follows: SafeERC20.safeTransferFrom asset, caller, addressthis,...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/12 12:0 a.m.13 views

The initial total supply of the role can be miscalculated in some cases

Lines of code Vulnerability details Impact Due to miscalculations during LlamaPolicy contract deployment the initial supply of the role can be set wrongly. And most of strategies will not work as intended. Moreover users will not be able to start an Action for some strategies as well. Proof of...

6.7AI score
Exploits0
Rows per page
Query Builder