136 matches found
kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
A vulnerability was found in the Linux kernel's hwmon subsystem, specifically in the mlxreg-fan driver. The issue arises when the driver’s sysfs interface for controlling fan speed does not properly handle cases where the requested minimum fan speed exceeds the maximum allowable value. When the...
RHEL 8 : linux-firmware (RHSA-2024:5883)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5883 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: kernel:...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that there is no check to verify that the number of entries eh-ehentries is non-zero when depth 0...
BIT-TENSORFLOW-2021-29594 Division by zero in TFLite's convolution code
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
UBUNTU-CVE-2021-46969
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Fix invalid error returning in mhiqueue mhiqueue returns an error when the doorbell is not accessible in the current state. This can happen when the device is in non M0 state, like M3, and needs to be waken-up pri...
CVE-2022-29526
...
Reverts when a User claims Voting Power of address(0) where there exists some for address(0)
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Now when there is a some Voting Power for address0, any user can delegate themselves for address0 and claim...
InterchainProposalExecutor doesn't support actions with value
Lines of code Vulnerability details Impact An interchain call consists of the target address, calldata, and value. When InterchainProposalExecutor performs the call, it passes the value along function executeProposalInterchainCalls.Call memory calls internal for uint256 i = 0; i calls.length; i++...
M-10 Unmitigated
Lines of code Vulnerability details Mitigation of M-10: Issue NOT mitigated Mitigated issue M-10: First 1 wei deposit can produce lose of user xETH funds in wxETH Fix: code-423n4/2023-05-xeth@fbb2972 The issue is similar to the standard inflation attack, except that instead of the attacker's...
SUSE CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
Google TensorFlow Denial of Service Vulnerability (CNVD-2023-10608)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that FakeQuantWithMinMaxVars will fail to assert if it is given a tensor of non-zero rank min or max. An attacker...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from a segmentation error that occurs if QuantizedAdd is given a tensor of non-zero rank mininput or maxinput. An attacke...
Google TensorFlow 安全漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that FakeQuantWithMinMaxVars will fail to assert if it is given a tensor of non-zero rank min or max. An attacker...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google Inc. in the United States. Google TensorFlow suffers from an input validation error vulnerability that stems from a segmentation error that can be used to trigger a denial-of-service attack if...
Denial Of Service (DoS)
libtar.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to an out-of-bounds read in variable gnulongname when size in header struct is set to 0 allowing an attacker to crash the system via a maliciously crafted tar file...
Incorrect Authorization
Overview std/syscall is a Go standard library package std/syscall Affected versions of this package are vulnerable to Incorrect Authorization. Go Vulnerability Report: When called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible. Remediation...
AZL-43915 CVE-2022-29526 affecting package buildah 1.18.0-29
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-47178 CVE-2022-29526 affecting package golang for versions less than 1.22.7-2
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-38911 CVE-2022-29526 affecting package cni for versions less than 1.1.2-4
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-45294 CVE-2022-29526 affecting package containernetworking-plugins for versions less than 1.6.1-4
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...