551 matches found
CVE-2021-44033
In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed...
USN-5148-1 hivex vulnerability
It was discovered that hivex incorrectly handled certain input. An attacker could use this vulnerability to cause a crash or obtain sensitive information...
CLSA-2021-1634922551 Fixed CVE-2021-25217 in dhcp
CVE-2021-25217: avoid buffer overrun...
BELL-CVE-2021-35559 CVE-2021-35559 does not affect BellSoft software
Bulletin has no description...
Code injection in Kubernetes Java Client
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...
CVE-2021-25469
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution...
BELL-CVE-2016-20012 CVE-2016-20012 does not affect BellSoft software
Bulletin has no description...
CVE-2021-38646
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability...
Manage Open Source Software Library Risks
Learn about the growing open source library trend, the pros and cons of using open source code, and how to mitigate associated risks...
7ghost (>=4.11.0 <=4.11.46), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +3401 more potentially affected by CVE-2021-23406 via degenerator (>=1.0.4 <=2.2.0)
degenerator NPM version =1.0.4, =4.11.0, =3.10.1, =0.1.0, =0.1.0, =0.0.1, =1.6.1, =0.0.1, =1.4.1, =0.2.2, =0.2.2, =0.0.1, =0.1.2 - @adaptcharm/email =1.1.1 and more Source cves: CVE-2021-23406 Source advisory: OSV:GHSA-9J49-MFVP-VMHM...
CVE-2021-34511
Windows Installer Elevation of Privilege Vulnerability...
CVE-2021-34383
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges...
CVE-2021-31662
RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information...
CVE-2021-32940
An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK All versions prior to 2022.5 resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-servi...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +162 more potentially affected by CVE-2021-29545 via tensorflow-gpu (>=1.10.1 <=2.2.0)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29545 Source advisory: OSV:PYSEC-2021-671...
GHSA-4Q97-FH3F-J294 Prototype Pollution in tiny-conf
All versions of package tiny-conf up to and including version 1.1.0 are vulnerable to Prototype Pollution via the set function...
GHSA-6FW4-HR69-G3RV Prototype Pollution in property-expr
The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function...
cumulative-distribution-function Input Validation Error Vulnerability
cumulative-distribution-function is a software application. Computes a statistical cumulative distribution function from an array of x-valued data. A security vulnerability exists in cumulative-distribution-function versions prior to 2.0.0, which stems from the fact that an application using this...
BMD BMDWeb 2.0 Cross Site Scripting Vulnerability
title: Stored Cross Site Scripting Outdated software library | product: BMD BMDWeb 2.0 | vulnerable version: BMD versions prior to 24.01.21 | fixed version: 24.01.21 and 24.02.11 or higher | CVE number: - | impact: High | homepage:...
BELL-CVE-2021-29648 CVE-2021-29648 does not affect BellSoft software
Bulletin has no description...