112 matches found
CVE-2024-43842 wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89stainfogetiter In rtw89stainfogetiter 'status-hegi' is compared to array size. But then 'rate-hegi' is used as array index instead of 'status-hegi'. This can lead to go beyond array...
CVE-2024-43842
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89stainfogetiter In rtw89stainfogetiter 'status-hegi' is compared to array size. But then 'rate-hegi' is used as array index instead of 'status-hegi'. This can lead to go beyond array...
CVE-2024-43842 wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89stainfogetiter In rtw89stainfogetiter 'status-hegi' is compared to array size. But then 'rate-hegi' is used as array index instead of 'status-hegi'. This can lead to go beyond array...
CVE-2024-43842
CVE-2024-43842 : In the Linux kernel wifi driver rtw89, a bounds check bug in rtw89_sta_info_get_iter() occurs when comparing status->he_gi to the array size, but rate->he_gi is used as the index. This copy-paste mistake can lead to out-of-bounds access if rate->he_gi != status->he_gi...
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - tomcat: Open Redirect vulnerability in...
CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...
BIT-ENVOY-2021-21378 JWT authentication bypass with unknown issuer token
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the allowmissing requirement under...
kernel: netfilter: potential slab-out-of-bound access due to integer underflow
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...
CVE-2023-45804
Rejected reason: User requested a CVE number by mistake...
Usury from simple mistake
Lines of code Vulnerability details Impact A borrower making a simple mistake might be forced to pay an extortionate interest rate for en extended period of time. Severity rating I was hovering between Medium and High on this one. Medium because it is based on a user mistake. On the other hand, t...
Same multiple delegate values result in wrong calculation of delegated votes
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. If by mistake same delegate value is given multiple times to targets array then delegation of votes is wrongly calculated. Proof of Concept Provide direct links to all referenced code in GitHub. Add...
The Interdependence between Automated Threat Intelligence Collection and Humans
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared wit...
Google Pay accidentally handed out free money, bug now fixed
Days ago, several Google Pay users in the US received some unexpected cashback from Google, congratulating them "for dogfooding the Google Pay Remittance experience". Confused and a tad happy, some looked to Twitter for answers, while others aired their experiences on the /r/googlepay/ Reddit pag...
Short positions can be burned while holding collateral
Lines of code Vulnerability details Impact Users can permanently lose a portion of their collateral due to a malicious attacker or their own mistake. Vulnerability Details In the ShortToken contract, adjustPosition is used to handle changes to a short position's short or collateral amounts. The...
Upgraded Q -> 2 from #17 [1678363178694]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: 5. Duplicated swingTrader addresses can be added which make sellMalt/buyMalt working incorrectly Details In function addSwingTrader, there is no check to ensure swingTrader address is not existed. So admin can make a...
Privilege escalation from user with "add user" to super admin
Description Before I created this submission, I read this report: https://huntr.dev/bounties/258cd498-7275-4b12-ac73-79c9ba3e58e4/. I was afraid that my submission would be a duplicate of that. After reading it carefully, I decided to make a report because my report is not exploiting the backup...
CVE-2023-22947
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...
Upgraded Q -> M from #323 [1668467355303]
Judge has assessed an item in Issue 323 as M risk. The relevant finding follows: L00: beforeTokenTransfer function called with wrong params in LBToken Line 237 seems to be a copy pasta mistake from line 209 in LBToken.sol. On line 237 when burning tokens, to should be zero, and amount of from's...
1-phase governor changing in Fed
Lines of code Vulnerability details Impact Mistake in calling this function setting 0-address or just wrong address will lead to full control loosing Tools Used vs code Recommended Mitigation Steps Do 2-phase changing like in DolaBorrowingRights.setPendingOperator and...
Future tier can be removed
Lines of code Vulnerability details Impact A newly created tier can be marked as removed right after it was added if this tier's ID was mistakenly removed earlier. Proof of Concept The recordRemoveTierIds function doesn't check whether a tier ID exists or not JBTiered721DelegateStore.solL890:...