PositionManager's moveLiquidity can freeze funds by removing destination index even when the move was partial

Lines of code Vulnerability details positionIndex.removeparams.fromIndexremoves the PositionManager entry even when it is only partial removal as a result of IPoolparams.pool.moveQuoteToken... call. I.e. it is correct to do fromPosition.lps -= vars.lpbAmountFrom, but the resulting amount might no...

CVE-2023-30088

An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjsexecute function in mjs.c...

mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

kernel: nfsd: don't replace page in rq_pages if it's a continuation of last page

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rqpages if it's a continuation of last page The splice read calls nfsdspliceactor to put the pages containing file data into the svcrqst-rqpages array. It's possible however to get a splice result that...

XKCP: buffer overflow in the SHA-3 reference implementation

A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic...

Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2023-1734)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.0 : libdb (EulerOS-SA-2023-1734)

According to the versions of the libdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to...

The vulnerability of the OXI software component for managing hotel resources, Oracle Hospitality Opera 5, allows a hacker to modify data, cause partial service interruptions, or gain unauthorized access to the device.

The vulnerability of the OXI software component for managing hotel resources in Oracle Hospitality Opera 5 exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify data remotely, cause partial service interruptions, or gain unauthorized...

Office application installation when using a Citrix Workspace App version higher than 2107

When launching the first MS Office Pro Plus 2016 application in a session, a partial installation is ran...

GHSA-6W4M-2XHG-2658 Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

Mars: ' Full Account Takeover ' at █████

A severe vulnerability was identified in the login functionality of a website belonging to Mars. An unauthorized actor could manipulate the server's response from the ██████████ endpoint to gain unauthorized access to any user account on the platform, leading to a full account takeover...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67093)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause an unauthorized partial denial of service partial DOS of MySQL Server...

CVE-2021-36436

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...

Mobicint 授权问题漏洞

Mobicint is Mobicint's mobile and desktop service for financial institutions. A security vulnerability exists in Mobicint version v3, which stems from the ability to retrieve partial e-mail addresses and user-entered information via the forgotten-password API...

CVE-2023-21963

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

CVE-2023-21978

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: GUI. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object...

CVE-2023-21960

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server...