Fedora: Security Advisory for mingw-harfbuzz (FEDORA-2022-a03b13b4d2)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for mingw-harfbuzz (FEDORA-2022-4bfa39df02)
The remote host is missing an update for the...
Description of the security update for SharePoint Server 2019 Language Pack: January 11, 2022 (KB5002108)
Summary: This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
WordPress plugin Security Vulnerability
WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in WordPress plugin, which originates in Beaver Themer, and can be exploited by an attacker to bypass conditional logic controls used to hide content when viewing a post archive, utilizing the...
GHSA-2GXJ-QRP2-53JV Incorrect reliance on Trait memory layout in mopa
The mopa crate redefines the deprecated TraitObject struct from core::raw. This is done to then transmute a reference to a trait object &dyn Trait for any trait Trait into this struct and retrieve the data field for the purpose of downcasting. This is used to implement downcast_ref_unchecked, in...
Incorrect reliance on Trait memory layout in mopa
The mopa crate redefines the deprecated TraitObject struct from core::raw. This is done to then transmute a reference to a trait object &dyn Trait for any trait Trait into this struct and retrieve the data field for the purpose of downcasting. This is used to implement downcast_ref_unchecked, in...
Abomonation transmutes &T to and from &[u8] without sufficient constraints
An issue was discovered in the abomonation crate through version 0.7.3 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass...
CVE-2021-45708
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass...
CVE-2021-45695
An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass...
Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-4104, CVE-2021-45046).
Summary: IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2021-4104. DESCRIPTION: Apache Log4j could...
Apache Log4j2 Denial of Service Vulnerability (CNVD-2021-101661)
Log4j is an open source project of Apache. With Log4j, you can control where log messages are delivered: the console, files, GUI components, and even socket servers, NT's event logger and so on. A denial of service vulnerability exists in Apache Log4j2...
MGASA-2021-0566 Updated log4j packages fix security vulnerability
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...
Apache Log4j Security Vulnerability
Log4j is an open source project of Apache. With Log4j, you can control where log messages are delivered: the console, files, GUI components, and even socket servers, NT's event logger and so on. A denial of service vulnerability exists in Apache Log4j2...
Apache Log4j 2.x < 2.17.0 DoS
The version of Apache Log4j on the remote host is 2.x < 2.3.1 / 2.13.2 / 2.17.0. It is, therefore, affected by a denial of service vulnerability. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuratio...
CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...
UBUNTU-CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...
PT-2021-5971 · Adobe · After Effects
Name of the Vulnerable Software and Affected Versions: Adobe After Effects versions 22.0 and earlier and 18.4.2 and earlier. Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to...
PT-2021-5980 · Adobe · Media Encoder
Name of the Vulnerable Software and Affected Versions: Adobe Media Encoder versions 22.0, 15.4.2 and earlier. Description: The issue is related to an out-of-bounds read vulnerability in Adobe Media Encoder that could lead to disclosure of sensitive memory. An attacker could leverage this...
CVE-2021-44186
Adobe Bridge version 11.1.2 and earlier and version 12.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...