1013 matches found
GSD-2023-1002040 riscv: kprobe: Fixup kernel panic when probing an illegal position
riscv: kprobe: Fixup kernel panic when probing an illegal position This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...
GSD-2023-1001876 riscv: kprobe: Fixup kernel panic when probing an illegal position
riscv: kprobe: Fixup kernel panic when probing an illegal position This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...
PT-2025-13324 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, which previously caused a kernel panic when probing an illegal position. This occurred when the kprobe's ebreak instruction...
Missing Access Controls in Liquidity Position Library
Lines of code Vulnerability details Impact function feesEarnedOf LiquidityPosition memory liquidityPosition, uint256 long0FeeGrowth, uint256 long1FeeGrowth, uint256 shortFeeGrowth internal pure returns uint256 long0Fee, uint256 long1Fee, uint256 shortFee ... function updateLiquidityPosition stora...
CVE-2022-43539
A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for unauthorized actions as a...
CVE-2022-44036
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to...
Wrong position size calculation in TradingLibrary.pnl()
Lines of code Vulnerability details Impact Users will pay less closing fees than they should when they have a profitable short position. Also, they will pay more fees when they have a lost short position. Proof of Concept TradingLibrary.pnl calculates the new position size like below. function...
The vulnerability of the software package for creating the position control system CX-Position, which is part of the Omron CX-One software suite, lies in the ability to write data beyond the buffer memory. This allows a hacker to execute arbitrary code.
The vulnerability of the software package for creating the position control system CX-Position, which is part of the Omron CX-One software suite, relates to the ability to write data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary...
Not enough margin pulled or burned from user when adding to a position
Lines of code Vulnerability details Impact When adding to a position, the amount of margin pulled from the user is not as much as it should be, which leaks value from the protocol and lowers the collateralization ratio of tigAsset. Proof of Concept In Trading.addToPosition the handleDeposit...
Functions of Trading contract can be reentered by Position.sol#mint
Lines of code Vulnerability details Impact Both the contracts of Position and Trading may not work correctly. Proof of Concept The Position.sol#mint calls safeMint, which will trigger a checkOnERC721Received callback, which can be used to reenter. Crackers can use this vulnerability to attack the protoco...
_priceData.price is not verified in _limitClose
Lines of code Vulnerability details Impact In the function _limitClose from the TradingExtension contract, the _priceData.price is not verified with the getVerifiedPrice function; instead its value is directly used, and because the getVerifiedPrice internally calls the function...
Discrepancy in the Uniswap V3 position price calculation because of decimals
Lines of code Vulnerability details Impact When the square root of the Uniswap V3 position is calculated from the getOracleData function, the price may return a very high number in the case that the token1 decimals are strictly superior to the token0 decimals. See: The reason is that at the...
The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, allows a perpetrator to execute arbitrary code.
The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, relates to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created file...
CVE-2022-45480
PC Keyboard WiFi & Bluetooth allows an attacker in a man-in-the-middle position between the server and a connected device to see all data including keypresses in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N...
The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, allows a perpetrator to execute arbitrary code.
The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, relates to the execution of operations outside the buffer in memory when processing NCI files. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, allows a perpetrator to execute arbitrary code.
The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially creat...
Server-side request forgery (SSRF)
An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML such as an SSRF payload into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field...
uint16 type for the facet position and selector position
Lines of code Vulnerability details Description In the Diamond library there is uint16 type used for the facet position and selector position in the FacetToSelectors and SelectorToFacet structs. That creates a restriction that the number of facets is limited by 2^16. In case when the number of...
CVE-2022-39348
A host header injection flaw was found in the twisted event-based framework's web module. When the host header does not match a configured host, the web module will render unescaped characters into the 404 response. This can result in HTML and script injection. For this vulnerability to be...