136 matches found
Improper Verification of Cryptographic Signature in starkbank-ecdsa
The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
GHSA-R28H-X6HV-2FQ3 Improper Verification of Cryptographic Signature in starkbank-ecdsa
The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
GHSA-92VM-MXJF-JQF3 Improper Verification of Cryptographic Signature in starkbank-ecdsa
The verify function in the Stark Bank Python ECDSA library starkbank-ecdsa 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43570
The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43572
The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
PYSEC-2021-426
The verify function in the Stark Bank Python ECDSA library ecdsa-python 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43572
The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43569
The verify function in the Stark Bank .NET ECDSA library ecdsa-dotnet 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43571
The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43572
The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
Stark Bank 数据伪造问题漏洞
Stark Bank is a banking API for individual developers in Brazil.Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank ecdsa-elixir suffers from a Data Forgery Issue vulnerability that stems from the...
Stark Bank 数据伪造问题漏洞
Stark Bank is a banking API for individual developers in Brazil.Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank Ecdsa-node suffers from a Data Forgery Issue vulnerability that stems from the...
Market whitelist does not work
Handle cmichel Vulnerability details The RCTreasury.marketWhitelistCheck function gets the marketWhitelistmsgSender variable and performs a special check if it's non-zero. However, there's no way to set the whitelist in the first place making this function unnecessary. Impact The market whitelist...
Yield sources cannot be swapped back
Handle shw Vulnerability details Impact The setYieldSource function of SwappableYieldSource calls the safeApprove function to approve the yield sources with the maximum allowance of transferring underlying tokens. However, according to OpenZeppelin's implementation, the safeApprove function...
Pillow Denial of Service Vulnerability (CNVD-2021-54032)
Pillow is a Python-based image processing library. a denial of service vulnerability exists in versions prior to Pillow 8.2.0, which stems from the fact that for FLI data, FliDecode does not properly check whether the block advance is non-zero, and an attacker can exploit this vulnerability to...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
PT-2024-11078 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mhi queue function in the Linux kernel, which returns an error when the doorbell is not accessible in the current state. This can occur when the device is i...
kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when...
kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when...
Apache NiFi Denial of Service Vulnerability (CNVD-2018-26519)
Apache NiFi is a data-flow based data processing and distribution system of the Apache Apache Software Foundation, USA. The system supports the configuration and transformation of data routing indicator maps and system intermediary logic. A security vulnerability exists in Apache NiFi versions...