909 matches found
Mozilla Firefox Resource Management Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Firefox has a security vulnerability: if the Compact method is called on an nsTArray, the array can be reallocated without updating the other pointers, leading to ...
UBUNTU-CVE-2020-26960
If the Compact method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap HandleMap HandleFlowSequence HandleSequence HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
...
Denial of Service Vulnerability in Omron Small PLC Series CP1L
CP1L is Omron's compact PLC series, an all-in-one PLC with built-in pulse output, analog input/output, and serial communication functions. A denial of service vulnerability exists in the Omron compact PLC series CP1L, which can be exploited by an attacker to stop programs running on the device...
RUSTSEC-2020-0038 Memory safety issues in `compact::Vec`
compact::Vec contains multiple memory safety issues. 1. It mishandles large capacity and causes out-of-bound access in 32-bit / allocator layout mismatch in 64-bit. 2. remove is not panic-safe and causes double-free when an index larger than the length is provided...
CVE-2020-10055
A vulnerability has been identified in Desigo CC V4.x, Desigo CC V3.x, Desigo CC Compact V4.x, Desigo CC Compact V3.x. Affected applications are delivered with a 3rd party component BIRT that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The...
CVE-2020-10055
CVE-2020-10055 affects Siemens Desigo CC and Desigo CC Compact (versions 3.x and 4.x) via a vulnerable third‑party BIRT component used by the Advanced Reporting Engine, enabling remote code execution with SYSTEM privileges. Mitigation: Siemens released patches for affected versions (and advises d...
Siemens Desigo CC and Desigo CC Compact Code Injection Vulnerability
Desigo CC is a comprehensive building management platform for managing high-performance buildings. Desigo CC Compact offers tailored solutions for small and medium-sized buildings. A code injection vulnerability exists in Siemens Desigo CC and Desigo CC Compact. Allows an unauthenticated, remote...
August 11, 2020—KB4565349 (OS Build 17763.1397)
August 11, 2020—KB4565349 OS Build 17763.1397 IMPORTANT Starting in July 2020, we will resume non-security releases for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates also referred to as the "B" release or Update Tuesday releas...
CloudBees Jenkins Compact Columns Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Compact Columns Plugin is used in one of the...
CVE-2020-2195
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission...
CVE-2020-2195
CVE-2020-2195 : The Jenkins Compact Columns Plugin (versions ≤ 1.11) stores unprocessed job descriptions in tooltips, causing a stored XSS vulnerability exploitable by users with Job/Configure permission. The issue is fixed in version 1.12 as per advisories; upgrade to 1.12+ to mitigate. Other co...
PT-2020-15409 · Jenkins · Jenkins Compact Columns Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compact Columns Plugin versions 1.11 and earlier Description: The issue results in a stored cross-site scripting vulnerability. This can be exploited by users with Job/Configure permission, as the unprocessed job description is...
ParamKit - A Small Library Helping To Parse Commandline Parameters
A small library helping to parse commandline parameters for Windows. Objectives: "like Python's argparse but for C/C++"; compact and minimalistic; easy to use; extendable. Demo: Print help for each parameter. Easily store values of popular types, and verify if all required parameters are filled. Verify...
CVE-2020-8481
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody...
CVE-2020-8475
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to...
Code injection
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to...