Lucene search
K

33 matches found

OSV
OSV
added 2024/06/07 7:19 a.m.14 views

BIT-GOLANG-2024-24789 Mishandling of corrupt central directory record in archive/zip

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

5.5CVSS6.1AI score0.00446EPSS
Exploits0References8
Amazon
Amazon
added 2024/01/08 12:0 a.m.4 views

Medium: gnutls

Issue Overview: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected. CVE-2023-5981 Affected Packages: gnutls Issue Correction:...

5.9CVSS6.7AI score0.01257EPSS
Exploits0
Citrix
Citrix
added 2023/09/11 12:0 a.m.6 views

NetScaler NTP sync failure when NTP server Root Dispersion value greater that 1 second

NetScaler NTP sync failure when Root Dispersion value is larger than 1 second. Dispersion isthe maximum difference recorded between the NTP client and the NTP serverrecorded in seconds. Root Dispersion measures the maximum amount of variance between the NTP server and its known time source. If...

7.1AI score
Exploits0
OSV
OSV
added 2022/09/16 9:8 p.m.11 views

GHSA-P75V-367R-2V23 `cell-project` used incorrect variance when projecting through `&Cell<T>`

Overview The issue lies in the implementation of the cellproject macro which used field as const instead of field as mut . The problem being that const T is covariant in T while mut T is invariant in T. Keep in mind that &Cell is invariant in T, so casting to const T relaxed the variance, and lea...

7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/16 9:8 p.m.17 views

`cell-project` used incorrect variance when projecting through `&Cell<T>`

Overview The issue lies in the implementation of the cellproject macro which used field as const instead of field as mut . The problem being that const T is covariant in T while mut T is invariant in T. Keep in mind that &Cell is invariant in T, so casting to const T relaxed the variance, and lea...

1.1AI score
Exploits0References4Affected Software1
Code423n4
Code423n4
added 2022/07/01 12:0 a.m.6 views

updateBaseRate and getBorrowRate will always revert if Note/gUSDC TWAP is above 1

Lines of code Vulnerability details Impact updateBaseRate will revert if Note/gUSDC TWAP is above 1 causing all dependent functions to revert as well Proof of Concept If twapMantissa is greater than 1 then L147 will revert due to underflow error Tools Used Recommended Mitigation Steps It seems th...

6.7AI score
Exploits0
OSV
OSV
added 2022/06/17 12:16 a.m.11 views

GHSA-9C9F-7X9P-4WQP A malicious coder can get unsound access to TCell or TLCell memory

This is impossible to do by accident, but by carefully constructing marker types to be covariant, a malicious coder can cheat the singleton check in TCellOwner and TLCellOwner, giving unsound access to cell memory. This could take the form of getting two mutable references to the same memory, or ...

7AI score
Exploits0References3
Code423n4
Code423n4
added 2021/11/09 12:0 a.m.9 views

Permissioned nature of TwapOracle allows owner to manipulate oracle

Handle TomFrench Vulnerability details Impact Potentially frozen or purposefully inaccurate USDV:VADER price feed. Proof of Concept Only the owner of TwapOracle can call update on the oracle. Should the owner desire they could cease calling update on the oracle for a period. Over this period the...

6.8AI score
Exploits0
RustSec
RustSec
added 2020/08/27 12:0 p.m.14 views

`cell-project` used incorrect variance when projecting through `&Cell<T>`

Overview The issue lies in the implementation of the cellproject macro which used field as const instead of field as mut . The problem being that const T is covariant in T while mut T is invariant in T. Keep in mind that &Cell is invariant in T, so casting to const T relaxed the variance, and lea...

1.1AI score
Exploits0Affected Software1
OSV
OSV
added 2020/08/27 12:0 p.m.10 views

RUSTSEC-2020-0164 `cell-project` used incorrect variance when projecting through `&Cell<T>`

Overview The issue lies in the implementation of the cellproject macro which used field as const instead of field as mut . The problem being that const T is covariant in T while mut T is invariant in T. Keep in mind that &Cell is invariant in T, so casting to const T relaxed the variance, and lea...

7AI score
Exploits0References4
Microsoft KB
Microsoft KB
added 2019/10/08 7:0 a.m.104 views

Description of the security update for SharePoint Server 2019: October 8, 2019

Description of the security update for SharePoint Server 2019: October 8, 2019 Summary This security update resolves an elevation of privilege vulnerability that exists in Microsoft SharePoint. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1330...

6.5CVSS6AI score0.02442EPSS
Exploits0
n0where
n0where
added 2018/02/03 1:55 a.m.403 views

Software Defined Radio Attack Tool: RFCrack

RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Current support...

0.9AI score
Exploits0References1
CERT
CERT
added 2003/03/25 12:0 a.m.91 views

Cryptographic libraries and applications do not adequately defend against timing attacks

Overview Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency...

9.2AI score
Exploits0References10
Rows per page
Query Builder