356 matches found
Upgraded Q -> 2 from #571 [1699543659773]
Judge has assessed an item in Issue 571 as 2 risk. The relevant finding follows: L-01 Internal accounting won’t work for rebase & elastic tokens --- The text was updated successfully, but these errors were encountered: All reactions...
Incompatibility with Rebase tokens
Lines of code Vulnerability details Impact Borrowers can choose whatever token they want to be the underlying token for a market. The problem comes when those tokens are Rebasing tokens such as Ampleforth. The balances of those tokens are changed rebased by a certain algorithm depending on the...
18 security update
nodejs 1:18.18.2-2 - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging 2021.06-4 - NPM bundler: also find namespaced bundled dependencies 2021.06-3 - Rebuilt for...
galera and mariadb security update
galera 26.4.14-1.0.1 - Rebase to 26.4.14 26.4.13-1.0.1 - Rebase to 26.4.13 26.4.12-1.0.1 - Rebase to 26.4.12 mariadb 3:10.5.22-1 - Rebase to 10.5.22 3:10.5.21-1 - Rebase to version 10.5.21 3:10.5.20-2 - Use fortifylevel to disable fortification in debug builds 3:10.5.20-1 - Rebase to version...
mariadb:10.5 security update
galera 26.4.14-1 - Rebase to 26.4.14 26.4.13-1 - Rebase to 26.4.13 26.4.12-1 - Rebase to 26.4.12 Judy mariadb 3:10.5.22-1 - Rebase to 10.5.22 3:10.5.21-1 - Rebase to version 10.5.21 3:10.5.20-2 - Use fortifylevel to disable fortification in debug builds 3:10.5.20-1 - Rebase to version 10.5.20...
Important: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.17.1-1 - Rebase to version 18.17.1 Resolves: rhbz2228940 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build Related: rhbz2226726 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging...
accrueTokens will revert if any rebase tokens are used
Lines of code Vulnerability details Impact In PrimeLiquidityProvider.sol:accrueTokens we get the current balance of the passed token. If the token is any rebase token AMPL, stETH, RMPL and the current balance has become lower than tokenAmountAccruedtoken, the function will revert. This will lead ...
mariadb:10.3 security, bug fix, and enhancement update
galera 25.3.37-1 - Rebase to 25.3.37 Judy 1.0.5-18.0.1 - Rebuild Orabug: 31667911 mariadb 3:10.3.39-1 - MariaDB 10.3.32 socat: E Failed to set SNI host '' SST failure - Rebase to 10.3.39 - CVEs fixed: CVE-2022-47015, CVE-2018-25032, CVE-2022-32091, CVE-2022-32084...
Discrepancy in Token Allowance After Rebase Events
Lines of code Vulnerability details The function returns the number of tokens that spender is allowed to spend on behalf of owner. However, in the context of tokens with rebase mechanisms, the owner's balance can dynamically change without explicit transactions. The described behavior might lead ...
sos bug fix and enhancement update
An update is available for sos. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sos package contains a set of utilities that gather information from system...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.16.1-1 - Rebase to 18.16.1 Resolves: rhbz2188290 rhbz2166926 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz2222287 nodejs-nodemon nodejs-packaging 2021.06-4 - NPM bundler: also find...
nodejs:16 security, bug fix, and enhancement update
nodejs 1:16.20.1-1 - Rebase to 16.20.1 Resolves: rhbz2188289 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz2222288 nodejs-nodemon nodejs-packaging...
sos bug fix and enhancement update
An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sos package contains a set of utilities that gather information from system...
Lack of protection when caling CusdcV3Wrapper._withdraw
Lines of code Vulnerability details Impact When unwrapping the wComet to its rebasing comet, users with an equivalent amount of wComet invoking CusdcV3Wrapper.withdraw at around the same time could end up having different percentage gains because comet is not linearly rebasing. Moreover, the...
mod_auth_openidc:2.3 security update
cjose 0.6.1-3 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 modauthopenidc 2.4.9.4-1 - Resolves: rhbz2025368 - Rebase to new version...
linux-firmware security update
20230516-999.20.git6c9e0ed5.el7 - cd72938cb480 linux-firmware: Update AMD fam17h cpu microcode - 92624e57af69 linux-firmware: Update AMD cpu microcode 20230516-999.19.git6c9e0ed5.el7 - Rebase to upstream - Revert removal of old iwlwifi firmwares Orabug: 35260375...
SUSE CVE-2021-32494
Radare2 has a division by zero vulnerability in Mach-O parser's rebasebuffer function. This allow attackers to create malicious inputs that can cause denial of service...
UBUNTU-CVE-2021-32494
Radare2 has a division by zero vulnerability in Mach-O parser's rebasebuffer function. This allow attackers to create malicious inputs that can cause denial of service...
PT-2023-12170 · Radare2 · Radare2
Name of the Vulnerable Software and Affected Versions: Radare2 affected versions not specified Description: The issue is related to a division by zero vulnerability in the Mach-O parser's rebase buffer function. This vulnerability allows attackers to create malicious inputs that can cause a denia...