Lucene search

446 matches found

vulnersOsv
added 2021/08/03 7:0 p.m., 8 views

@alex.garcia/oak (>=0.0.17 <=0.0.19), @apify/better-sqlite3-prebuilds (=7.1.1) +195 more potentially affected by CVE-2021-32803 via tar (>=4.0.1 <=4.4.13)

tar NPM version =4.0.1, =0.0.17, =0.0.1, =0.2.0, =0.2.0, =3.0.7, =3.0.6, =1.4.0, =1.0.0, =1.0.0-alpha.1, =1.10.9-beta, =1.0.0, =1.1.4, =2.1.0, =2.2.0 and more Source cves: CVE-2021-32803 Source advisory: OSV:GHSA-R628-MHMH-QJHW...

8.2 CVSS, 6.7 AI score, 0.07795 EPSS
Exploits 0
CNNVD
added 2021/07/14 12:0 a.m., 3 views

Juniper Networks Junos OS Evolved code issue vulnerability

Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. Junos OS Evolved suffers from a code issue vulnerability that stems from a device configured with the ISIS Flexibility Algorithm for segmented routing and sensor-based statistics, where a single flap in an ISI...

6.5 CVSS, 6.6 AI score, 0.00374 EPSS
Exploits 0, References 4
OSV
added 2021/07/10 4:41 p.m., 4 views

OPENSUSE-SU-2021:1762-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification (jsc#SLE-17956): Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA...

3.1 CVSS, 4.8 AI score, 0.04385 EPSS
Exploits 1, References 3
OSV
added 2021/07/01 3:15 a.m., 1 views

UBUNTU-CVE-2021-36087

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block...

3.3 CVSS, 6.9 AI score, 0.00453 EPSS
Exploits 1, References 4
CNNVD
added 2021/07/01 12:0 a.m., 3 views

SELinux resource management error vulnerability

SELinux is a Linux subsystem from the National Security Agency that uses a secure architecture that allows administrators to better control who has access to the system. A security vulnerability exists in SELinux version 3.2, which stems from a use-after-free in the SELinux CIL compiler in the...

3.3 CVSS, 5.6 AI score, 0.00592 EPSS
Exploits 1, References 30
CNNVD
added 2021/06/30 12:0 a.m., 2 views

rpm link following vulnerability

rpm is a powerful command-line driven package management tool used to install, uninstall, verify, query, and update packages on Linux systems. A security vulnerability exists in rpm that stems from not performing unsafe symbolic link checks on intermediate directories. An attacker exploiting this...

6.7 CVSS, 6.7 AI score, 0.00481 EPSS
Exploits 1, References 12
OSV
added 2021/06/25 12:8 a.m., 9 views

UVI-2021-1000806 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commi...

7.2 AI score
Exploits 0
OSV
added 2021/06/25 12:8 a.m., 10 views

GSD-2021-1000806 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commi...

7.2 AI score
Exploits 0
OSV
added 2021/06/25 12:4 a.m., 5 views

UVI-2021-1000771 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commi...

7.2 AI score
Exploits 0
OSV
added 2021/06/25 12:4 a.m., 13 views

GSD-2021-1000771 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commi...

7.2 AI score
Exploits 0
OpenVAS
added 2021/06/09 12:0 a.m., 6 views

SUSE: Security Advisory (SUSE-SU-2013:1920-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 2
OSV
added 2021/05/26 10:30 a.m., 4 views

SUSE-SU-2021:1762-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification (jsc#SLE-17956): Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA...

3.1 CVSS, 4.8 AI score, 0.04385 EPSS
Exploits 1, References 3
Oracle linux
added 2021/05/25 12:0 a.m., 82 views

curl security and bug fix update

7.61.1-18 - http: send payload when proxy authentication is done 1918692 - curl: Inferior OCSP verification CVE-2020-8286 - libcurl: FTP wildcard stack overflow CVE-2020-8285 - curl: trusting FTP PASV responses CVE-2020-8284 7.61.1-17 - validate an ssl connection using an intermediate certificate...

7.5 CVSS, 0.9 AI score, 0.09917 EPSS
Exploits 3
Tenable Nessus
added 2021/05/19 12:0 a.m., 50 views

CentOS 8 : perl (CESA-2021:1678)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1678 advisory. - perl: heap-based buffer overflow in regular expression compiler leads to DoS CVE-2020-10543 - perl: corruption of intermediate language state of...

8.6 CVSS, 7.3 AI score, 0.11334 EPSS
Exploits 0, References 3
AlmaLinux
added 2021/05/18 5:49 a.m., 42 views

Moderate: perl security and bug fix update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: heap-based buffer overflow in regular expression compiler leads to DoS CVE-2020-10543 perl: corruption of intermediate language state of compiled regular...

7.5 CVSS, 1.9 AI score, 0.11334 EPSS
Exploits 0, References 2
CNNVD
added 2021/04/14 12:0 a.m., 5 views

Atlassian Jira security vulnerability

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of the defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian Jira Server and Data Center have a...

4.3 CVSS, 5.8 AI score, 0.01232 EPSS
Exploits 0, References 2
OSV
added 2021/03/18 8:30 p.m., 1 views

GHSA-M6GJ-H9GM-GW44 Django Incorrect Default Permissions

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

8.7 CVSS, 7.1 AI score, 0.03969 EPSS
Exploits 0, References 16
OSV
added 2020/12/31 9:15 a.m., 1 views

UBUNTU-CVE-2020-35916

An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. In the case of LLVM, the IR may be always correct...

5.5 CVSS, 6 AI score, 0.00384 EPSS
Exploits 1, References 4
OSV
added 2020/09/01 1:15 p.m., 1 views

ALPINE-CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

7.5 CVSS, 6.9 AI score, 0.03969 EPSS
Exploits 0, References 1
OSV
added 2020/09/01 1:15 p.m., 1 views

DEBIAN-CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

7.5 CVSS, 7.6 AI score, 0.03969 EPSS
Exploits 0, References 1