115 matches found

SUSE CVE
added 2023/02/15 3:49 a.m. · 2 views

SUSE CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code...

CVSS 8.4 · AI score 6.7 · EPSS 0.00161
Exploits: 0 · References: 4

OSV
added 2022/03/14 11:15 p.m. · 23 views

CVE-2021-42390

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVSS 6.5 · AI score 7.3
Exploits: 0 · References: 1

NVD
added 2022/03/14 11:15 p.m. · 15 views

CVE-2021-42391

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVSS 6.5 · EPSS 0.0058
Exploits: 1 · References: 1

Prion
added 2022/03/14 11:15 p.m. · 23 views

Design/Logic Flaw

Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVSS 4 · AI score 6.6 · EPSS 0.0055
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/03/14 10:20 p.m. · 20 views

CVE-2021-42391

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

AI score 6.8 · EPSS 0.0058
Exploits: 1 · References: 1

Debian CVE
added 2022/03/14 10:20 p.m. · 56 views

CVE-2021-42391

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVSS 6.5 · AI score 6.6 · EPSS 0.0058
Exploits: 1

Cvelist
added 2022/03/14 10:20 p.m. · 23 views

CVE-2021-42390

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

AI score 6.8 · EPSS 0.0055
Exploits: 1 · References: 1

Debian CVE
added 2022/03/14 10:20 p.m. · 55 views

CVE-2021-42390

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVSS 6.5 · AI score 6.6 · EPSS 0.0055
Exploits: 1

Cvelist
added 2022/03/14 10:20 p.m. · 20 views

CVE-2021-42389

Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

AI score 6.8 · EPSS 0.0055
Exploits: 1 · References: 1

Debian CVE
added 2022/03/14 10:20 p.m. · 66 views

CVE-2021-42389

Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVSS 6.5 · AI score 6.6 · EPSS 0.0055
Exploits: 1

OSV
added 2022/01/06 6:30 p.m. · 8 views

GHSA-GP6J-VX54-5PMF Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme

Summary: In the threshold signature scheme, participants start by dividing secrets into shares using a secret sharing scheme. The Verifiable Secret Sharing scheme generates shares from the user’s IDs but does not properly validate them. Using a malicious ID will make other users reveal their secre...

AI score 6.9
Exploits: 0 · References: 3

RedHat Linux
added 2021/11/09 6:06 p.m. · 0 views

kernel: eBPF 32-bit source register truncation on div/mod

A flaw was found in the Linux kernel’s eBPF verification code, where the eBPF 32-bit div/mod source register truncation could lead to out-of-bounds reads and writes. By default, accessing the eBPF verifier is only possible for privileged users with CAP_SYS_ADMIN. This flaw allows a local user who ca...

CVSS 7.8 · AI score 7.1 · EPSS 0.00161
Exploits: 0 · References: 6

OSV
added 2021/06/22 12:00 a.m. · 1 view

UBUNTU-CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code...

CVSS 7.8 · AI score 6.9 · EPSS 0.00161
Exploits: 0 · References: 4

PyPA
added 2021/05/14 8:15 p.m. · 4 views

PYSEC-2021-643

TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementation (https://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/conv_ops_3d.cc#L143-L145) do...

CVSS 5.5 · AI score 6.9 · EPSS 0.00009
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2021/05/14 8:15 p.m. · 11 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the...

CVSS 2.1 · AI score 5.4 · EPSS 0.00009
Exploits: 1 · References: 2 · Affected Software: 1

Code423n4
added 2021/05/11 12:00 a.m. · 4 views

Insecure randomness in getPseudoRand(uint256 modulus){} function

Handle: JMukesh. Vulnerability details. Impact: insecure randomness due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent so they should be avoided. Proof of Concept. Tools Used: slither. Recommended Mitigation Steps: use chainlink vrf --- The text was...

AI score 6.9
Exploits: 0

Positive Technologies
added 2021/02/10 12:00 a.m. · 3 views

PT-2021-3403 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The eBPF implementation in the Linux kernel does not properly track bounds information for 32-bit registers when performing div and mod operations. This can allow a local attacker to...

CVSS 8.8 · AI score 6.7 · EPSS 0.04499
Exploits: 41 · References: 348

Veracode
added 2020/11/27 3:55 a.m. · 36 views

Denial Of Service (DoS)

math/big in github.com/golang/go is vulnerable to denial of service. An attacker can send a divisor or modulo argument larger than 3168 bits on 32-bit architectures or 6336 bits on 64-bit architectures to a number of math/big.Int methods Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqr...

CVSS 7.5 · AI score 3.7 · EPSS 0.00711
Exploits: 0 · References: 11 · Affected Software: 22

OSV
added 2020/07/28 5:15 p.m. · 1 view

CVE-2020-15610

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo parameter, the process does...

CVSS 9.8 · AI score 7.7 · EPSS 0.01432
Exploits: 0 · References: 1

Zero Day Initiative
added 2020/06/25 12:00 a.m. · 30 views

(0Day) CentOS Web Panel ajax_php_pecl modulo Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo parameter, the process does not properly...

CVSS 9.8 · AI score 6.1 · EPSS 0.01432
Exploits: 0