CVE-2026-1940 Gstreamer: incomplete fix of cve-2026-1940

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...

CVE-2026-1940

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the parser advances more...

EUVD-2021-0270

Malware in sbrugna...

PT-2025-7605 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.4.1 Description: The issue arises from the improper handling of oscillating final states in the sqrt function, which uses the babylonian method to calculate square roots of decimals. This can lead to sqrt incorrectly...

UBUNTU-CVE-2024-46759

In the Linux kernel, the following vulnerability has been resolved: hwmon: adc128d818 Fix underflows seen when writing limit attributes DIVROUNDCLOSEST after kstrtol results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering...

Too small deposits will result in no rsEth mint for the

Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small . Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth . /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...

M-04 Unmitigated

Lines of code Vulnerability details Impact The previously identified vulnerability of potential rounding issues during reward calculations has not been fully mitigated. The current strategy to keep remainders and use them in subsequent claimAndSyncRewards calls does not adequately address the iss...

Mitigation of H-02: See comments

Lines of code Vulnerability details The PR applies the recommended mitigation from the finding, but doesn't take into account the rounding issue identified in M-09 Impact If the price the NFT is bought for is not an exact multiple of the filledQuantities, there will be a loss of precision, and...

Bypass SmartAccount handlePayment

Lines of code Vulnerability details Payment can be small/zero due to rounding down if tokenGasPriceFactor is sufficiently large and function won't revert on zero transfer. Validate tokenGasPriceFactor. --- The text was updated successfully, but these errors were encountered: All reactions...

FIRST DEPOSITOR CAN BREAK MINTING OF SHARES

Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. In the SemiFungibleVault.sol file, the allocation of...

Nettle has an unspecified vulnerability (CNVD-2016-01311)

Nettle is a library of basic cryptographic functions. A security vulnerability exists in the 'ecc256modq' function in the ecc-256.c file in versions prior to Nettle 3.2, which stems from a failure of the program to properly handle rounding transfers when implementing P-256 NIST elliptic curves. A...