PYSEC-2023-39
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...
Input validation
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...
CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Cause: is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. Impact: As a result, any contract using is_valid_eth_signature from the account library such as the EthAccount preset is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be...
GHSA-626Q-V9J4-MCP4 OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Cause: is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. Impact: As a result, any contract using is_valid_eth_signature from the account library such as the EthAccount preset is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be...
Malicious code in ac-animation-sequencer (npm)
Source: ghsa-malware (a7595dea4b4bf14edbd22f889a9d64c68692b172c8ffbbc5684b3903c81aeafd). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-811 Malicious code in ac-animation-sequencer (npm)
Source: ghsa-malware (a7595dea4b4bf14edbd22f889a9d64c68692b172c8ffbbc5684b3903c81aeafd). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in layer2-sequencer-health-adapter (npm)
Source: ghsa-malware (b884802f67a9bb035e8196cb37bcfa92c65ec0cce9dfc97e6d3c55f45abf04cf). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4263 Malicious code in layer2-sequencer-health-adapter (npm)
Source: ghsa-malware (b884802f67a9bb035e8196cb37bcfa92c65ec0cce9dfc97e6d3c55f45abf04cf). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
dnaTools dnaLIMS DNA Sequencer Command Injection (CVE-2017-6526)
...
The vulnerability in the implementation of the alsa_seq_dummy_init handler in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the alsa_seq_dummy_init implementation in the sound/core/seq/snd-seq-dummy.ko module of the Linux operating system is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure by connecting an ALSA sequencer MIDI-through device. Th...
Memory Corruption
The Linux kernel is vulnerable to memory corruption. This is because the ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently causing an...
Friday Squid Blogging: Toraiz SQUID Digital Sequencer
Pioneer DJ has a new sequencer: the Toraiz SQUID: Sequencer Inspirational Device. The 16-track sequencer is designed around jamming and performance with a host of features to create "happy accidents" and trigger random sequences, modulations and chords. There are 16 RGB pads for playing in your...
kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1296)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the...
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1260)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling...
Virtuozzo 7 : OVMF / crit / criu / criu-devel / ksm-vz / etc (VZA-2018-063)
According to the versions of the OVMF / crit / criu / criu-devel / ksm-vz / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function...