ThinkJS 代码问题漏洞

ThinkJS is a Javascript-based and ES2015-enabled codebase for developing Node applications organized by ThinkJS. A code issue vulnerability exists in ThinkJS's think-helper, which stems from the component accepting input from upper-level groups for object initialization and modification without...

cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: Intermittent failure to start cloud-init due to failu...

Machform 输入验证错误漏洞

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An open redirect vulnerability exists in Safariinit.php in versions prior to Machform 16. The vulnerability stems from improper validation of the ref parameter. An...

CVE-2021-33542

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The...

GSD-2021-1000812 pid: take a reference when initializing `cad_pid`

pid: take a reference when initializing cadpid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...

UVI-2021-1000741 pid: take a reference when initializing `cad_pid`

pid: take a reference when initializing cadpid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.194 by commit...

GSD-2021-1000732 pid: take a reference when initializing `cad_pid`

pid: take a reference when initializing cadpid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.236 by commit...

CVE-2021-23994

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

Missing initialization checks and setters for critical parameters of maxExitFee and maxTimelockDuration

Handle 0xRajeev Vulnerability details Impact maxExitFee and maxTimelockDuration are critical parameters that impact the UX and prize rewards for users. They are initialized once in initialize without any sanity/threshold checks and also lack any setters for modifying their values later in case of...

Initialization functions can be front-run with malicious values

Handle 0xRajeev Vulnerability details Impact Most contracts have public visibility initialization functions that can be front-run, allowing an attacker to incorrectly initialize the contracts. Due to the use of the delegatecall proxy pattern, PrizePool/YieldSourcePrizePool/StakePrizePool,...

Low: samba

Issue Overview: No CVE associated with this advisory Affected Packages: samba Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update samba or yum update...

Autodesk Design Review TIF File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

SUSE SLES12 Security Update : kernel (Live Patch 39 for SLE 12 SP3) (SUSE-SU-2021:2026-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2026-1 advisory. This update for the Linux Kernel 4.4.180-94144 fixes several issues. The following issues were fixed: - CVE-2021-33034: Fixed a...

PT-2021-8249 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a potential memory leak in the cppc cpufreq cpu init component of the Linux kernel. This memory leak occurs when resources are allocated but not freed in case o...

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0895-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...

QEMU 输入验证错误漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from an input validation error vulnerability that stems from an integer overflow in initdevring that does not check the malloc siz...

QEMU Invalid Pointer Initialization Vulnerability (CNVD-2021-45768)

QEMU is a suite of analog processor software. A security vulnerability exists in QEMU that stems from the function udp6input using memory outside of the working mbuf buffer when processing udp packets from incoming guests that are smaller than the size of the udphdr structure. An attacker could...

QEMU Invalid Pointer Initialization Vulnerability (CNVD-2021-45769)

QEMU is a suite of analog processor software. A security vulnerability exists in QEMU that stems from the use of memory outside of the working mbuf buffer by the function udp6input when processing udp packets from incoming guests that are smaller than the size of the udphdr structure. An attacker...

CVE-2021-3594

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udpinput function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or...

Out-of-bounds

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftpinput function and could occur while processing a udp packet that is smaller than the size of the 'tftpt' structure. This issue may lead to out-of-bounds read access or...