GHSA-GHC8-5CGM-5RPF Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
Information Disclosure
GitLab is vulnerable to Information Disclosure. Under certain conditions, improper access control in the library allows a malicious actor to gain information about the most recent commit in a private project via Merge Requests...
SUSE CVE-2021-43820
Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether th...
PT-2022-21140 · Unknown · Gin-Vue-Admin
Name of the Vulnerable Software and Affected Versions: Gin-Vue-Admin versions v2.5.1 through v2.5.3beta Description: The issue allows for Unrestricted File Upload, leading to the execution of JavaScript code through the 'Normal Upload' functionality to the Media Library. When an admin user views...
User can read any series without permission
Description A normal user can access any series without permission if they have access to at least one library. Version Tested on latest release 0.5.6.0 and on docker image 'kizaing/kavita:latest', with image pulled on September 17, 12:30 UTC Digest:...
Fuji Electric Alpha5
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 Vulnerabilities: Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...
CVE-2019-8770
The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents...
Improper access control
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox...
Loophole in iOS Allows Developers Access to Users' Photos
A recently discovered hole in Apple’s iOS allows third-party developers access to users’ iPhone, iPad or iPod Touch photos by exploiting the device’s location data, according to a report from the New York Times’ Nick Bilton on the Bits blog yesterday. The loophole lies in the way that application...
Fedora Update for libHX FEDORA-2010-12950
Check for the Version of libHX OpenVAS Vulnerability Test Fedora Update for libHX FEDORA-2010-12950 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
Fedora Update for libHX FEDORA-2010-13127
Check for the Version of libHX OpenVAS Vulnerability Test Fedora Update for libHX FEDORA-2010-13127 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
CVE-2010-1751
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors...
Design/Logic Flaw
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors...
PT-2010-3389 · Apple · Ios
Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 4 Description: The issue allows remote attackers to obtain location information via unspecified vectors because the Application Sandbox in Apple iOS does not prevent photo-library access. Recommendations: For Apple...
PT-2009-3441 · Linux +2 · Linux +2
Name of the Vulnerable Software and Affected Versions: NovaStor NovaNET version 12 Description: The issue is related to a stack-based buffer overflow in the DtbClsLogin function, allowing remote attackers to execute arbitrary code on Linux platforms or cause a denial of service on Windows platfor...
CVE-2008-3657
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...
MDKA-2006:052 : opensc
Opensc is a library for accessing smart card devices. This update fixes a problem which prevented Oberthur smart cards from being recognized and used. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06....
Oracle extproc directory traversal (#NISR23122004B)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i extproc directory traversal Systems Affected: Oracle 10g/9i on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
wv: Buffer overflow vulnerability
Background The wv library allows access to MS Word files. It can parse Word files and allow other applications, such as abiword, to import those files into their native formats. Description A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code...