Lucene search
+L

112 matches found

Vulnrichment
Vulnrichment
added 2024/08/17 9:21 a.m.21 views

CVE-2024-43842 wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89stainfogetiter In rtw89stainfogetiter 'status-hegi' is compared to array size. But then 'rate-hegi' is used as array index instead of 'status-hegi'. This can lead to go beyond array...

6.8AI score0.00218EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/08/17 9:21 a.m.18 views

CVE-2024-43842

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89stainfogetiter In rtw89stainfogetiter 'status-hegi' is compared to array size. But then 'rate-hegi' is used as array index instead of 'status-hegi'. This can lead to go beyond array...

7.8CVSS5.6AI score0.00218EPSS
Exploits0
OSV
OSV
added 2024/08/17 9:21 a.m.12 views

CVE-2024-43842 wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89stainfogetiter In rtw89stainfogetiter 'status-hegi' is compared to array size. But then 'rate-hegi' is used as array index instead of 'status-hegi'. This can lead to go beyond array...

7.8CVSS6AI score0.00218EPSS
Exploits0References8
CVE
CVE
added 2024/08/17 9:21 a.m.180 views

CVE-2024-43842

CVE-2024-43842 : In the Linux kernel wifi driver rtw89, a bounds check bug in rtw89_sta_info_get_iter() occurs when comparing status->he_gi to the array size, but rate->he_gi is used as the index. This copy-paste mistake can lead to out-of-bounds access if rate->he_gi != status->he_gi...

7.8CVSS6.5AI score0.00218EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.33 views

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - tomcat: Open Redirect vulnerability in...

7.5CVSS8.2AI score0.73139EPSS
Exploits7References4
Cvelist
Cvelist
added 2024/06/12 8:3 a.m.35 views

CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...

8.8CVSS0.00667EPSS
Exploits0References7
OSV
OSV
added 2024/03/06 10:59 a.m.28 views

BIT-ENVOY-2021-21378 JWT authentication bypass with unknown issuer token

Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the allowmissing requirement under...

8.2CVSS8.2AI score0.0171EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/01/23 5:25 p.m.1 views

kernel: netfilter: potential slab-out-of-bound access due to integer underflow

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

7.8CVSS6.8AI score0.00514EPSS
Exploits1References5
NVD
NVD
added 2023/10/30 11:15 p.m.8 views

CVE-2023-45804

Rejected reason: User requested a CVE number by mistake...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.11 views

Usury from simple mistake

Lines of code Vulnerability details Impact A borrower making a simple mistake might be forced to pay an extortionate interest rate for en extended period of time. Severity rating I was hovering between Medium and High on this one. Medium because it is based on a user mistake. On the other hand, t...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.13 views

Same multiple delegate values result in wrong calculation of delegated votes

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. If by mistake same delegate value is given multiple times to targets array then delegation of votes is wrongly calculated. Proof of Concept Provide direct links to all referenced code in GitHub. Add...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/15 11:13 a.m.37 views

The Interdependence between Automated Threat Intelligence Collection and Humans

The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared wit...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/13 2:0 a.m.19 views

Google Pay accidentally handed out free money, bug now fixed

Days ago, several Google Pay users in the US received some unexpected cashback from Google, congratulating them "for dogfooding the Google Pay Remittance experience". Confused and a tad happy, some looked to Twitter for answers, while others aired their experiences on the /r/googlepay/ Reddit pag...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.12 views

Short positions can be burned while holding collateral

Lines of code Vulnerability details Impact Users can permanently lose a portion of their collateral due to a malicious attacker or their own mistake. Vulnerability Details In the ShortToken contract, adjustPosition is used to handle changes to a short position's short or collateral amounts. The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/09 12:0 a.m.12 views

Upgraded Q -> 2 from #17 [1678363178694]

Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: 5. Duplicated swingTrader addresses can be added which make sellMalt/buyMalt working incorrectly Details In function addSwingTrader, there is no check to ensure swingTrader address is not existed. So admin can make a...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/02/14 6:6 p.m.30 views

Privilege escalation from user with "add user" to super admin

Description Before I created this submission, I read this report: https://huntr.dev/bounties/258cd498-7275-4b12-ac73-79c9ba3e58e4/. I was afraid that my submission would be a duplicate of that. After reading it carefully, I decided to make a report because my report is not exploiting the backup...

6.5CVSS8.3AI score0.00876EPSS
Exploits1
Debian CVE
Debian CVE
added 2023/01/11 12:0 a.m.49 views

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...

7.3CVSS7.2AI score0.00309EPSS
Exploits1
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.9 views

Upgraded Q -> M from #323 [1668467355303]

Judge has assessed an item in Issue 323 as M risk. The relevant finding follows: L00: beforeTokenTransfer function called with wrong params in LBToken Line 237 seems to be a copy pasta mistake from line 209 in LBToken.sol. On line 237 when burning tokens, to should be zero, and amount of from's...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.9 views

1-phase governor changing in Fed

Lines of code Vulnerability details Impact Mistake in calling this function setting 0-address or just wrong address will lead to full control loosing Tools Used vs code Recommended Mitigation Steps Do 2-phase changing like in DolaBorrowingRights.setPendingOperator and...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.11 views

Future tier can be removed

Lines of code Vulnerability details Impact A newly created tier can be marked as removed right after it was added if this tier's ID was mistakenly removed earlier. Proof of Concept The recordRemoveTierIds function doesn't check whether a tier ID exists or not JBTiered721DelegateStore.solL890:...

6.7AI score
Exploits0
Rows per page
Query Builder