24 matches found

Github Security Blog
added 2026/01/28 4:18 p.m. | 9 views

soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

Impact Incorrect rounding direction for signed mul and div operations The mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be...

CVSS 7.5 | AI score 5.9 | EPSS 0.00017
Exploits 0 | References 6 | Affected Software 1
OSV
added 2025/06/12 6:31 p.m. | 1 views

GHSA-FF9H-848C-4XFJ pg-promise SQL Injection vulnerability

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

CVSS 5.4 | AI score 6 | EPSS 0.00112
Exploits 1 | References 4
OSV
added 2025/06/12 4:15 p.m. | 0 views

CVE-2025-29744

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 2
NVD
added 2025/06/12 4:15 p.m. | 10 views

CVE-2025-29744

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

CVSS 5.4 | EPSS 0.00112
Exploits 1 | References 2
Cvelist
added 2025/06/12 12:0 a.m. | 7 views

CVE-2025-29744

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...

EPSS 0.00112
Exploits 1 | References 2
CNNVD
added 2025/05/09 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly handling read and write replies to negative numbers, which could lead to an integer overflow...

CVSS 7.1 | AI score 6.5 | EPSS 0.00055
Exploits 0 | References 5
OSV
added 2024/04/25 7:53 p.m. | 13 views

GHSA-PPX5-Q359-PVWJ vyper's range(start, start + N) reverts for negative numbers

Summary When looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. Details This issue is caused by an incorrect assertion inserted by the code generation of the range stmt.parseForrange:...

CVSS 5.3 | AI score 5.1 | EPSS 0.01528
Exploits 1 | References 6
Github Security Blog
added 2024/04/25 7:53 p.m. | 38 views

vyper's range(start, start + N) reverts for negative numbers

Summary When looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. Details This issue is caused by an incorrect assertion inserted by the code generation of the range stmt.parseForrange:...

CVSS 5.3 | AI score 6.9 | EPSS 0.01528
Exploits 1 | References 6 | Affected Software 1
Cvelist
added 2024/04/25 5:0 p.m. | 15 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3 | AI score 5.5 | EPSS 0.01528
Exploits 1 | References 4
Code423n4
added 2023/10/25 12:0 a.m. | 5 views

at _modifyCollateralBalance when locking and generating debt your wad is going to be negative number but at the token Collateral mapping should not have any negative numbers

Lines of code Vulnerability details Impact the protocol will not work, all functions will not work Proof of Concept you cannot set negative number to uint256 Tools Used manual Recommended Mitigation Steps change the mapping to : mappingbytes32 cType = mappingaddress safe = int256 wad public...

AI score 7
Exploits 0
Code423n4
added 2023/08/07 12:0 a.m. | 7 views

PRBMATH SD59x18.exp() reverts on hugely negative numbers.

Lines of code Vulnerability details Impact ContinuousGDA.sol inherits a version of PRB Math that contains a vulnerability in the SD59x18.exp function, which can be reverted on hugely negative numbers. SD59x18.exp is used for calculations in ContinuousGDA.solpurchasePrice ,...

AI score 6.7
Exploits 0
Tenable Nessus
added 2023/06/08 12:0 a.m. | 19 views

SUSE SLES15 Security Update : kernel RT (Live Patch 7 for SLE 15 SP4) (SUSE-SU-2023:2367-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2367-1 advisory. - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of...

CVSS 5.5 | AI score 6.6 | EPSS 0.00044
Exploits 0 | References 4
Cvelist
added 2023/01/12 12:0 a.m. | 35 views

CVE-2023-23455

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results)...

AI score 6.3 | EPSS 0.0003
Exploits 0 | References 6
Huntr
added 2022/01/28 9:16 a.m. | 13 views

Business Logic Errors in dolibarr/dolibarr

Description Dolibarr is vulnerable to Business Logic Errors in the Weight, Length x Width x Height, Area, Volume fields of a Product since these values can be negative numbers. Proof of Concept 1. After login, in the top menu bar, click Products 2. In the left menu bar, click List to view the list ...

CVSS 4 | AI score 1.1 | EPSS 0.00326
Exploits 1
CNNVD
added 2021/12/17 12:0 a.m. | 2 views

NumPy security vulnerability

NumPy is a Python scientific computing package. The product supports a large number of dimensional array and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy prior to 1.19, which stems from a buffer...

CVSS 5.5 | AI score 7.6 | EPSS 0.00037
Exploits 1 | References 11
Hacker One
added 2020/12/29 5:18 p.m. | 8 views

LY Corporation: File sizes may be manipulated into negative numbers when uploading

The file sizes were manipulated into negative numbers when uploading. The message indicating insufficient storage space was displayed. However, the file size was recalculated and transmitted during the upload process, allowing the upload to proceed despite the negative file size...

AI score 7.1
Exploits 0
OSV
added 2019/12/16 9:15 p.m. | 17 views

PYSEC-2019-227

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. Thi...

CVSS 9.8 | AI score 5.2 | EPSS 0.00325
Exploits 0 | References 3
RedHat Linux
added 2017/10/23 7:44 a.m. | 1 views

zlib: Undefined left shift of negative number

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers...

CVSS 8.8 | AI score 7.4 | EPSS 0.14635
Exploits 0 | References 6
UbuntuCve
added 2017/09/22 6:29 a.m. | 17 views

CVE-2017-14686

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check...

CVSS 7.8 | AI score 7.4 | EPSS 0.00329
Exploits 1 | References 3
Debian CVE
added 2017/09/22 6:0 a.m. | 28 views

CVE-2017-14686

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check...

CVSS 7.8 | AI score 7.8 | EPSS 0.00329
Exploits 1