Fedora: Security Advisory for q (FEDORA-2021-df1fa3d3e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: rust-toolset:rhel8 security update

An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

golang: crypto/elliptic: incorrect operations on the P-224 curve

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...

Moderate: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Moderate: Red Hat Security Advisory: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Low: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: segmentation fault in getlocal and setlocal functions in ldebug.c CVE-2020-24370...

lua security update

An update is available for lua. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The lua packages provide support for Lua, a powerful light-weight programming...

Fedora: Security Advisory for rust (FEDORA-2021-7ad3a01f6a)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability relates to the SAPI extension of the PHP-FPM process runner, which is a PHP programming language interpreter. This vulnerability allows attackers to elevate their privileges to root.

The vulnerability of the SAPI extension for the PHP-FPM process interpreter involves access control issues when the processes are executed simultaneously. Exploiting this vulnerability can allow an attacker to gain elevated privileges to root...

Security update for go1.17 (moderate)

openSUSE Security Update: Security update for go1.17 Announcement ID: openSUSE-SU-2021:3488-1 Rating: moderate References: 1190649 1191468 Cross-References: CVE-2021-38297 CVSS scores: CVE-2021-38297 SUSE: 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Leap 15.3 An...

Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services

Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine...

What is RCE (Remote code execution) attack ❓ Prevention methods

What is Remote Code Execution? Remote Code Execution or execution, also known as Arbitrary Code Execution, is a concept that describes a form of cyberattack in which the attacker can solely command the operation of another person’s computing device or computer. RCE takes place when malicious...

Fedora: Security Advisory for golang (FEDORA-2021-e71b05ba7b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-1.16.8-2.fc35

The Go Programming Language...

CVE-2021-41088

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

CVE-2021-41088

Elvish (the language/shell) vulnerability CVE-2021-41088 affects versions prior to 0.14.0 where the web UI backend (elvish -web) accepts code from the web UI without proper origin validation. If a user has the web UI backend open and visits a malicious site, that site can send arbitrary code to t...

Mozilla Rust Memory Corruption Vulnerability (CNVD-2021-78746)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a memory corruption vulnerability exists in Mozilla Rust, which stems from Rust's scottqueue crate. for Queue there is an unconditional send and sync implementation, which can be exploited by an attacker to caus...

Mozilla Rust Command Injection Vulnerability (CNVD-2021-85292)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to cause data contention...

Mozilla Rust Competition Condition Issue Vulnerability (CNVD-2021-85289)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. spacejam mode of Mozilla Rust is vulnerable to a contention condition issue that could be exploited by an attacker to allow secure Rust code to trigger data contention...

Mozilla Rust Memory Corruption Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. fizyk20/generic-array of Mozilla Rust suffers from a memory corruption vulnerability, which can be exploited by attackers to cause various memory corruption scenarios...