SUSE CVE-2013-2237

The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...

SUSE CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

SUSE CVE-2022-3545

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function areacacheget of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a...

PT-2023-5866

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.57 Bamboo Data Center and Server versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 F5 NGINX products affected versions not specified gRPC-Go versions prior to 1.56.3, 1.57.1, and 1.58.3 IBM HTTP...

CVE-2022-41396

Tenda AC1200 Router Model W15Ev2 V15.11.0.101576 was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters...

[M1] Owner can steal any createdPledge's tokens

Lines of code Vulnerability details Impact Malicious owner can steal any created pledge even to drain the whole contract Proof of Concept Functions like recoverERC20 are good to recover tokens accidentally transferred to a contract. The common approach for these function is to exclude real tokens...

It's possible to steal a part of the funds in any pair contract and/or DOS a new pair

Lines of code Vulnerability details The function collectFeesaddress account, uint256 memory ids in LBPair.sol is supposed to calculate and transfer the fees owed to account. Since the protocol assumes that the pair contract itself cannot accumulate fees, this function is exploitable by passing th...

Linux kernel 竞争条件问题漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that affects the function tsttimer in the component IPsec's file drivers/atm/idt77252.c. The operation leads to free post-use. No details of the vulnerability ar...

Linux kernel 资源管理错误漏洞

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux Kernel has a security vulnerability that affects the functions devlinkparamset/devlinkparamget in the component IPsec's file net/core/devlink.c. The operation leads to free post-use. No details...

UBUNTU-CVE-2022-3545

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function areacacheget of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Bypassing security measure Remote code execution Administrator/Roo...

Important: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Anyone can deploy a pair with a potentially malicious token

Lines of code Vulnerability details By allowing anyone to create a pair with any two tokens there is a risk that an unsavory token will get included either as collateral or as an asset. It could range from a bad actor intentionally inserting a malicious token to a well-intentioned team that...

User Funds are Locked in the VotingEscrow Contract When Delegated User Withdraws

Lines of code Vulnerability details Description There exists an issue when a delegated user attempts to withdraw the locked funds after a lock duration is expired, as a result the funds for the original user who triggered the delegation is lost within the contract. Impact This is an issue because...

PT-2022-6332 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A vulnerability was found in the Linux Kernel, affecting the vsock connect function of the net/vmw vsock/af vsock.c file. This issue is related to incorrect handling of socket block...

The vulnerability of the Common Gateway Interface (CGI) interface of microprogramming software for network devices such as ZyXEL USG, ZyWALL, USG FLEX, ATP, and VPN allows attackers to circumvent security restrictions.

The vulnerability of the Common Gateway Interface CGI interface of ZyXEL USG, ZyWALL, USG FLEX, ATP, and VPN network devices is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions by using IPSec VPN...

Admin Can Broke All Functionality Through Weth Address

Lines of code Vulnerability details Impact On the protocol, almost all functionality is constructed through WETH address. however, If the admin is set to WETH address mistakenly, user could not claim through . Admin can break the protocol. Proof of Concept Tools Used Code Review Recommended...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...