195 matches found

PyPA
added 2023/02/03 8:15 p.m., 4 views

PYSEC-2023-39

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 6.4, AI score 6.9, EPSS 0.0022
Exploits 0, References 3, Affected Software 1
Prion
added 2023/02/03 8:15 p.m., 14 views

Input validation

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 2.1, AI score 5.2, EPSS 0.0022
Exploits 0, References 2, Affected Software 1
OSV
added 2023/02/03 8:15 p.m., 4 views

PYSEC-2023-39

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 6.4, AI score 5.6, EPSS 0.0022
Exploits 0, References 3
Cvelist
added 2023/02/03 7:43 p.m., 19 views

CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 6.4, AI score 6.6, EPSS 0.0022
Exploits 0, References 2
OSV
added 2023/02/03 7:43 p.m., 17 views

CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 6.4, AI score 5.5, EPSS 0.0022
Exploits 0, References 4
Vulnrichment
added 2023/02/03 7:43 p.m., 7 views

CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 6.4, AI score 6.6, EPSS 0.0022
Exploits 0, References 2
Github Security Blog
added 2023/02/02 4:59 p.m., 39 views

OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature

Cause: is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. Impact: As a result, any contract using is_valid_eth_signature from the account library such as the EthAccount preset is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be...

CVSS 6.4, AI score 5.5, EPSS 0.0022
Exploits 0, References 5, Affected Software 1
OSV
added 2023/02/02 4:59 p.m., 27 views

GHSA-626Q-V9J4-MCP4 OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature

Cause: is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. Impact: As a result, any contract using is_valid_eth_signature from the account library such as the EthAccount preset is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be...

CVSS 6, AI score 5.7, EPSS 0.0022
Exploits 0, References 5
OSSF Malicious Packages
added 2022/06/20 8:19 p.m., 3 views

Malicious code in ac-animation-sequencer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7595dea4b4bf14edbd22f889a9d64c68692b172c8ffbbc5684b3903c81aeafd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSV
added 2022/06/20 8:19 p.m., 9 views

MAL-2022-811 Malicious code in ac-animation-sequencer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7595dea4b4bf14edbd22f889a9d64c68692b172c8ffbbc5684b3903c81aeafd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSSF Malicious Packages
added 2022/06/20 8:12 p.m., 2 views

Malicious code in layer2-sequencer-health-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b884802f67a9bb035e8196cb37bcfa92c65ec0cce9dfc97e6d3c55f45abf04cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSV
added 2022/06/20 8:12 p.m., 4 views

MAL-2022-4263 Malicious code in layer2-sequencer-health-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b884802f67a9bb035e8196cb37bcfa92c65ec0cce9dfc97e6d3c55f45abf04cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
Check Point Advisories
added 2019/07/07 12:0 a.m., 1 views

dnaTools dnaLIMS DNA Sequencer Command Injection (CVE-2017-6526)

...

CVSS 10, AI score 2.5, EPSS 0.574
Exploits 9
BDU FSTEC
added 2019/06/27 12:0 a.m., 9 views

The vulnerability in the implementation of the alsa_seq_dummy_init handler in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the alsa_seq_dummy_init implementation in the sound/core/seq/snd-seq-dummy.ko module of the Linux operating system is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure by connecting an ALSA sequencer MIDI-through device. Th...

CVSS 6.2, AI score 5.5
Exploits 0, Affected Software 1
Veracode
added 2019/05/16 3:11 a.m., 36 views

Memory Corruption

Linux kernel is vulnerable to memory corruption vulnerability. This is because the ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently causing an...

CVSS 7.8, AI score 7.7, EPSS 0.005
Exploits 0, References 24, Affected Software 2
Schneier on Security
added 2019/04/26 9:14 p.m., 46 views

Friday Squid Blogging: Toraiz SQUID Digital Sequencer

Pioneer DJ has a new sequencer: the Toraiz SQUID: Sequencer Inspirational Device. The 16-track sequencer is designed around jamming and performance with a host of features to create "happy accidents" and trigger random sequences, modulations and chords. There are 16 RGB pads for playing in your...

AI score 0.4
Exploits 0
RedHat Linux
added 2018/10/30 12:5 p.m., 4 views

kernel: race condition in snd_seq_write() may lead to UAF or OOB-access

ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...

CVSS 7.8, AI score 7.1, EPSS 0.005
Exploits 0, References 4
Tenable Nessus
added 2018/09/27 12:0 a.m., 35 views

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1296)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the...

CVSS 7.8, AI score 6.8, EPSS 0.00502
Exploits 0, References 3
Tenable Nessus
added 2018/09/18 12:0 a.m., 36 views

EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1260)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling...

CVSS 7.8, AI score 6.7, EPSS 0.0363
Exploits 3, References 9
Tenable Nessus
added 2018/08/31 12:0 a.m., 70 views

Virtuozzo 7 : OVMF / crit / criu / criu-devel / ksm-vz / etc (VZA-2018-063)

According to the versions of the OVMF / crit / criu / criu-devel / ksm-vz / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function...

CVSS 7.8, AI score 7.2, EPSS 0.7354
Exploits 0, References 11