135 matches found
AZL-44289 CVE-2022-29526 affecting package umoci 0.4.7-13
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
DEBIAN-CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-33622 CVE-2022-29526 affecting package nmi for versions less than 1.8.11-2
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-43915 CVE-2022-29526 affecting package buildah 1.18.0-29
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
AZL-35039 CVE-2022-29526 affecting package node-problem-detector for versions less than 0.8.15-1
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
UBUNTU-CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
Privilege escalation
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
YearnCurveVaultOperator's withdrawETH doesn't check for minAmountOut
Lines of code Vulnerability details withdrawETH effectively do not control the output token result of withdrawal as Vault token is ETH in this case, while WETH balance is controlled and no ETH - WETH deposit is done. I.e. any calls to withdrawETH with non-zero minAmountOut will fail as WETH balan...
Deposit and mint function will be rendered useless for users who are depositing using eth since balances will never be finalised
Lines of code Vulnerability details The penultimate function in NotionalV2.batchBalanceAndTradeAction calculates the withdrawals and finalises the balance as mentioned : but the following calculation will revert on an underflow since balanceState.netAssetTransferInternalPrecision is set to 0 in...
Upgraded Q -> M from 87 [1654442977298]
Judge has assessed an item in Issue 87 as Medium risk. The relevant finding follows: Issue 3 Low - Some tokens do not allow for Non-Zero to Non-Zero value approvals USDT, for example, will not allow approving a non-zero amount and then approving another non-zero amount. The approval must be reset...
Must approve 0 first
Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value.They must first be approved by zero and then the actual allowance must be approved. Proof of Concept Tools Used Manual Review Recommended Mitigation...
GSD-2022-1000818 KVM: x86/mmu: make apf token non-zero to fix bug
KVM: x86/mmu: make apf token non-zero to fix bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.26 by commit...
GSD-2022-1000752 KVM: x86/mmu: make apf token non-zero to fix bug
KVM: x86/mmu: make apf token non-zero to fix bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.12 by commit...
DEBIAN-CVE-2022-26126
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isisnbnotifications.c...
PT-2022-17689 · Frrouting +3 · Frrouting +3
Name of the Vulnerable Software and Affected Versions: FRRouting versions through 8.1.0 Description: Buffer overflow vulnerabilities exist due to the use of strdup with a non-zero-terminated binary string in isis nb notifications.c. Recommendations: For versions through 8.1.0, as a temporary...
CVE-2022-26126
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isisnbnotifications.c...
Updated mysql-connector-c++ packages fix security vulnerability
Buffer overflow due to inccorect calculation in EVPPKEYdecrypt. CVE-2021-3711 Denial of Service attack due to possible non-zero terminated strings. CVE-2021-3712...
Stark Bank Data Forgery Problem Vulnerability (CNVD-2021-95641)
Stark Bank is a banking API for individual developers in Brazil. performs all banking operations through the API, simplifying and automating payments, facilitating reconciliations and scaling operations. A data forgery issue vulnerability exists in Stark Bank Ecdsa-java, which stems from a failur...
Improper Verification of Cryptographic Signature in starkbank-ecdsa
The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...