Design/Logic Flaw

dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount...

CVE-2023-52429

dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount...

CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives

stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

python: DoS when processing malformed Apple Property List files in binary format

A vulnerability was found in the Python core plistlib library within the readints function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack. This issue can lead to excessive CPU and memory consumption, resulting in a...

EulerOS 2.0 SP10 : binutils (EulerOS-SA-2024-1054)

According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Binutils. The use of an uninitialized field in the struct module module may lead to application crash and local denial of...

`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access

...

SUSE CVE-2023-50711

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...

DEBIAN-CVE-2023-50711

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...

UBUNTU-CVE-2023-50711

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...

CentOS 7 : curl (RHSA-2023:7743)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7743 advisory. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can...

CVE-2023-6546

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...

CVE-2023-6546

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...

CVE-2023-6546 Kernel: gsm multiplexing race condition leads to privilege escalation

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...

Lack of input validation for ClosePositionParams.amountSwap results in theft of fund (premium + protocol fee))

Lines of code Vulnerability details Impact Lack of input validation for ClosePositionParams.amountSwap results in theft of fund Proof of Concept ParticlePositionManager.sol hold two part of fund 1. the contract hold premium added by borrower 2. the contract hold protocol fee before protocol...

RHEL 7 : curl (RHSA-2023:7743)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7743 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, a...

Wrapping ether with Ocean.doMultipleInteractions() reverts

Lines of code Vulnerability details Summary Wrapping ether with doMultipleInteractions reverts. This is the case if one or more of the interactions is handling ether. If we look at the internal helper function, doMultipleInteractions, it includes the following: if msg.value != 0...

kernel: scsi: mpi3mr: Use number of bits to manage bitmap sizes

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use number of bits to manage bitmap sizes To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long...

the nonce value is not increasing everytime

Lines of code Vulnerability details Impact the nonce value is not increasing everytime The nonce value is used to create the TypeHashHelper.Transaction struct that's passed to the buildTransactionStructHash function. The actual value of executorNonceexecRequest.accountexecRequest.executor is...

curl: Fix of CVE-2023-38546

CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...

CVE-2023-42522

Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecu...