RewardReinvestor.provideReinvest and splitReinvest are vulnerable to sandwich attacks as market price isn't checked
Handle hyh Vulnerability details Impact Liquidity provision can happen at a manipulated price which leads to immediate loss for liquidity provider i.e. IL happens right after liquidity provision in this case. This yields direct loss for an LP account owner, for example schematically: 0. Suppose...
CVE-2021-2461
Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications component: Provision API. The supported version that is affected is 6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PostAuctionLauncher's liquidity provision can be exploited
Handle cmichel Vulnerability details The PostAuctionLauncher.finalize function takes the raised payment token amounts and uses previously provided auction token amounts to provide liquidity to a Sushiswap pool after an auction has successfully been finalized. It provides this liquidity at a...
ASB-A-181660448
In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2021-1917)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4898-1 : wpa - security update
Several vulnerabilities have been discovered in wpa_supplicant and hostapd. - CVE-2020-12695 It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service. - CVE-2021-0326 It was discovered that...
openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2021:0404-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OESA-2021-1133 wpa_supplicant security update
wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key...
CentOS 7 : wpa_supplicant (RHSA-2021:0808)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0808 advisory. - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in...
wpa_supplicant: Use-after-free in P2P provision discovery processing
A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highe...
wpa_supplicant: Use-after-free in P2P provision discovery processing
A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highe...
Important: Red Hat Security Advisory: wpa_supplicant security update
An update for wpa_supplicant is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
Security update for wpa_supplicant (important)
openSUSE Security Update: Security update for wpa_supplicant Announcement ID: openSUSE-SU-2021:0404-1 Rating: important References: 1182805 Cross-References: CVE-2021-27803 CVSS scores: CVE-2021-27803 NVD : 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-27803 SUSE: 7.5...
wpa_supplicant: Use-after-free in P2P provision discovery processing
A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highe...
RHEL 8 : wpa_supplicant (RHSA-2021:0809)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0809 advisory. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods...
SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:0720-1)
This update for wpa_supplicant fixes the following issues : CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability bsc1182805. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...
SUSE-SU-2021:0745-1 Security update for wpa_supplicant
This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: P2P provision discovery processing vulnerability bsc1182805...
SUSE-SU-2021:0721-1 Security update for wpa_supplicant
This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability bsc1182805...
SUSE-SU-2021:0720-1 Security update for wpa_supplicant
This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability bsc1182805...
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code) for an attacker within radio range.
...