1115 matches found

OSV
added 2022/08/23 12:00 a.m., 31 views

GHSA-XV7H-95R7-595J Incorrect implementation of lockout feature in Keycloak

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality...

CVSS 7.5 | AI score 7.2 | EPSS 0.00201
Exploits 0 | References 5
Prion
added 2022/08/22 3:15 p.m., 22 views

Design/Logic Flaw

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality...

CVSS 5 | AI score 7.2 | EPSS 0.00201
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2022/08/22 2:45 p.m., 20 views

CVE-2021-3513

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality...

AI score 7.4 | EPSS 0.00201
Exploits 0 | References 2
Code423n4
added 2022/08/15 12:00 a.m., 6 views

VotingEscrow.increaseUnlockTime() uses wrong unlock time for old lock.

Lines of code Vulnerability details Impact VotingEscrow.increaseUnlockTime uses wrong unlock time for old lock. The user's voting power might be calculated wrongly. Proof of Concept As we can see from CheckpointMath, the oldLock.end should be original value but it uses the increased unlocktime...

AI score 7
Exploits 0
OSV
added 2022/08/10 8:15 p.m., 2 views

CVE-2022-20350

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

CVSS 5.5 | AI score 6.2 | EPSS 0.00018
Exploits 0 | References 1
Vulnrichment
added 2022/08/09 8:22 p.m., 0 views

CVE-2022-20350

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

AI score 4.7 | EPSS 0.00018
Exploits 0 | References 1
Code423n4
added 2022/08/06 12:00 a.m., 9 views

Possible signature replay in updateTaskHash() and updateProjectHash() function

Lines of code Vulnerability details Impact In updateProjectHash function, the data encoded only hash and nonce value but not the projectAddress. In case builder had 2 or more projects, the signature that builder used in updateProjectHash can also be used in other projects by attackers. bytes memo...

AI score 6.7
Exploits 0
RedHat Linux
added 2022/07/28 2:43 p.m., 50 views

Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS 5.3 | AI score 6.8 | EPSS 0.00182
Exploits 1 | References 3
AlpineLinux
added 2022/07/26 1:15 p.m., 47 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

CVSS 8.8 | AI score 2.8 | EPSS 0.00078
Exploits 0
Prion
added 2022/07/26 1:15 p.m., 25 views

Design/Logic Flaw

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

CVSS 4.3 | AI score 8.5 | EPSS 0.00078
Exploits 0 | References 7 | Affected Software 2
BDU FSTEC
added 2022/07/20 12:00 a.m., 2 views

The vulnerability of the Red Database database management system lies in the improper handling of unexpected data types, which allows attackers to trigger service failures.

The vulnerability of the Red Database database management system is related to the improper handling of unexpected data types. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure by sending an incorrect page number to the server during replication...

CVSS 4.9 | AI score 5.5
Exploits 0 | References 1 | Affected Software 1
OSV
added 2022/07/18 11:15 p.m., 2 views

CVE-2022-34641

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation...

CVSS 5.5 | AI score 5.8 | EPSS 0.00082
Exploits 1 | References 3
CNNVD
added 2022/07/18 12:00 a.m., 2 views

CVA6 security vulnerability

CVA6 is an application class 6 RISC-V CPU open-sourced by the OpenHW Group in Canada. A security vulnerability exists in CVA6 that originates from loading an illegal virtual address, which may result in an incorrect exception type...

CVSS 5.5 | AI score 5.7 | EPSS 0.00045
Exploits 1 | References 2
Code423n4
added 2022/07/15 12:00 a.m., 8 views

Fee-on-transfer tokens not supported

Lines of code Vulnerability details Impact Incorrect accounting will lead to wrong assets distribution and some users gaining more and some users getting fewer tokens than they should. Proof of Concept Functions rely on user input to calculate distribution of tokens instead of relying on the...

AI score 6.6
Exploits 0
GitLab Advisory Database
added 2022/07/13 12:00 a.m., 39 views

Exposure of Resource to Wrong Sphere

Azure Storage Library Information Disclosure Vulnerability...

CVSS 4.7 | AI score 1.3 | EPSS 0.00268
Exploits 0 | References 4 | Affected Software 1
Tenable Nessus
added 2022/07/11 12:00 a.m., 45 views

CentOS 8 : go-toolset:rhel8 (CESA-2022:5337)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:5337 advisory. - golang: encoding/pem: fix stack overflow in Decode CVE-2022-24675 - golang: regexp: stack exhaustion via a deeply nested expression CVE-2022-24921 -...

CVSS 7.5 | AI score 7.3 | EPSS 0.00182
Exploits 2 | References 4
Prion
added 2022/06/29 12:15 p.m., 11 views

Format string

CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong...

CVSS 5 | AI score 7.5 | EPSS 0.00166
Exploits 0 | References 1
Cvelist
added 2022/06/29 11:54 a.m., 9 views

CVE-2022-33023

CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong...

AI score 7.7 | EPSS 0.00166
Exploits 0 | References 1
OSV
added 2022/06/28 8:12 p.m., 5 views

GSD-2022-1004016 fsnotify: fix wrong lockdep annotations

fsnotify: fix wrong lockdep annotations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.283 by commit...

AI score 7.2
Exploits 0
OSV
added 2022/06/28 7:34 p.m., 7 views

GSD-2022-1003639 fsnotify: fix wrong lockdep annotations

fsnotify: fix wrong lockdep annotations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...

AI score 7.2
Exploits 0