Open Source Matters Joomla 安全漏洞

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A local file inclusion vulnerability exists in Joomla! versions 3.0.0 through...

Who has the fastest F1 website in 2021? Part 4

This is part 4 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...

`quinn` invalidly assumes the memory layout of std::net::SocketAddr

The quinn crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...

RUSTSEC-2021-0035 `quinn` invalidly assumes the memory layout of std::net::SocketAddr

The quinn crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...

Design/Logic Flaw

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest...

CVE-2020-27779

The CVE-2020-27779 issue affects grub2 prior to 2.06. The cutmem command does not honor Secure Boot locking, enabling a local attacker with privilege to remove memory address ranges and potentially bypass Secure Boot protections. Impacted effect includes data confidentiality, integrity, and avail...

grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled

A flaw was found in grub2. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this...

UBUNTU-CVE-2020-27779

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest...

`nb-connect` invalidly assumes the memory layout of std::net::SocketAddr

The nb-connect crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about...

RUSTSEC-2021-0021 `nb-connect` invalidly assumes the memory layout of std::net::SocketAddr

The nb-connect crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about...

CVE-2021-21025

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful...

[SECURITY] Fedora 32 Update: pngcheck-2.4.0-7.fc32

pngcheck verifies the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRCs checksums and decompressing the image data; it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statist i...

PT-2021-2310 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue concerns XML injection in the product layout updates of Magento. Successful exploitation could lead to arbitrar...

Unspecified Vulnerability in Rust (CNVD-2021-13698)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust glsl-layout crate before 0.4.0, which stems from double deletion of maparray when panic occurs. No details of the vulnerability are provided at this time...

CVE-2021-25902

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...

CVE-2021-25902

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...

Double free

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust glsl-layout crate before 0.4.0, which stems from double deletion of maparray when panic occurs. No details of the vulnerability are provided at this time...

CVE-2021-25902

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...

CVE-2021-25902

The CVE-2021-25902 issue affects the Rust crate glsl-layout prior to 0.4.0, where panicking inside the user-provided function f of map_array can cause a double drop of a single object. The root cause is inadequate handling of panic, allowing the object to be dropped twice. The vulnerability was m...