Lucene search
K

135 matches found

OSV
OSV
added 2022/06/23 5:15 p.m.8 views

AZL-44289 CVE-2022-29526 affecting package umoci 0.4.7-13

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS6.8AI score0.02593EPSS
Exploits1References1
OSV
OSV
added 2022/06/23 5:15 p.m.3 views

DEBIAN-CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS7.1AI score0.02593EPSS
Exploits1References1
OSV
OSV
added 2022/06/23 5:15 p.m.8 views

AZL-33622 CVE-2022-29526 affecting package nmi for versions less than 1.8.11-2

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS6.8AI score0.02593EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.7 views

CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS6.8AI score0.02593EPSS
Exploits1References14
OSV
OSV
added 2022/06/23 5:15 p.m.7 views

AZL-43915 CVE-2022-29526 affecting package buildah 1.18.0-29

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS6.8AI score0.02593EPSS
Exploits1References1
OSV
OSV
added 2022/06/23 5:15 p.m.7 views

AZL-35039 CVE-2022-29526 affecting package node-problem-detector for versions less than 0.8.15-1

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS6.8AI score0.02593EPSS
Exploits1References1
OSV
OSV
added 2022/06/23 5:15 p.m.9 views

UBUNTU-CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5.3CVSS6.8AI score0.02593EPSS
Exploits1References7
Prion
Prion
added 2022/06/23 5:15 p.m.22 views

Privilege escalation

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

5CVSS7.5AI score0.02593EPSS
Exploits1References9Affected Software2
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.11 views

YearnCurveVaultOperator's withdrawETH doesn't check for minAmountOut

Lines of code Vulnerability details withdrawETH effectively do not control the output token result of withdrawal as Vault token is ETH in this case, while WETH balance is controlled and no ETH - WETH deposit is done. I.e. any calls to withdrawETH with non-zero minAmountOut will fail as WETH balan...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/14 12:0 a.m.13 views

Deposit and mint function will be rendered useless for users who are depositing using eth since balances will never be finalised

Lines of code Vulnerability details The penultimate function in NotionalV2.batchBalanceAndTradeAction calculates the withdrawals and finalises the balance as mentioned : but the following calculation will revert on an underflow since balanceState.netAssetTransferInternalPrecision is set to 0 in...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/05 12:0 a.m.15 views

Upgraded Q -> M from 87 [1654442977298]

Judge has assessed an item in Issue 87 as Medium risk. The relevant finding follows: Issue 3 Low - Some tokens do not allow for Non-Zero to Non-Zero value approvals USDT, for example, will not allow approving a non-zero amount and then approving another non-zero amount. The approval must be reset...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.9 views

Must approve 0 first

Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value.They must first be approved by zero and then the actual allowance must be approved. Proof of Concept Tools Used Manual Review Recommended Mitigation...

6.9AI score
Exploits0
OSV
OSV
added 2022/03/18 12:21 a.m.15 views

GSD-2022-1000818 KVM: x86/mmu: make apf token non-zero to fix bug

KVM: x86/mmu: make apf token non-zero to fix bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.26 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/03/18 12:15 a.m.20 views

GSD-2022-1000752 KVM: x86/mmu: make apf token non-zero to fix bug

KVM: x86/mmu: make apf token non-zero to fix bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.12 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/03/03 6:15 p.m.2 views

DEBIAN-CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isisnbnotifications.c...

7.8CVSS7.7AI score0.01068EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/03/03 12:0 a.m.4 views

PT-2022-17689 · Frrouting +3 · Frrouting +3

Name of the Vulnerable Software and Affected Versions: FRRouting versions through 8.1.0 Description: Buffer overflow vulnerabilities exist due to the use of strdup with a non-zero-terminated binary string in isis nb notifications.c. Recommendations: For versions through 8.1.0, as a temporary...

9.8CVSS7.8AI score0.02152EPSS
Exploits9References105
AlpineLinux
AlpineLinux
added 2022/03/03 12:0 a.m.39 views

CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isisnbnotifications.c...

7.8CVSS8.1AI score0.01068EPSS
Exploits1
Mageia
Mageia
added 2022/01/25 12:13 p.m.83 views

Updated mysql-connector-c++ packages fix security vulnerability

Buffer overflow due to inccorect calculation in EVPPKEYdecrypt. CVE-2021-3711 Denial of Service attack due to possible non-zero terminated strings. CVE-2021-3712...

9.8CVSS8.3AI score0.87816EPSS
Exploits1References2
CNVD
CNVD
added 2021/11/11 12:0 a.m.6 views

Stark Bank Data Forgery Problem Vulnerability (CNVD-2021-95641)

Stark Bank is a banking API for individual developers in Brazil. performs all banking operations through the API, simplifying and automating payments, facilitating reconciliations and scaling operations. A data forgery issue vulnerability exists in Stark Bank Ecdsa-java, which stems from a failur...

9.8CVSS6.7AI score0.00994EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/11/10 8:58 p.m.46 views

Improper Verification of Cryptographic Signature in starkbank-ecdsa

The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS5.1AI score0.00994EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder