Lucene search

4310 matches found

RedhatCVE
added 2021/09/23 4:26 p.m. · 51 views

CVE-2021-20317

A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while runnin...

4.9 CVSS · 2.3 AI score · 0.0037 EPSS
Exploits: 0 · References: 4

CNNVD
added 2021/09/23 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a corrupted timer tree resulting in a missing task wakeup in the timerqueue_add function in lib/timerqueue.c. The vulnerability can be exploited to cause a denial of...

4.9 CVSS · 6.4 AI score · 0.0037 EPSS
Exploits: 0 · References: 33

OSV
added 2021/09/22 5:9 p.m. · 2 views

DRUPAL-CONTRIB-2021-035

This module provides a powerful interface for managing a taxonomy vocabulary. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed. The module does not take the correct user permissions into account, allowing a...

6.7 AI score
Exploits: 0 · References: 1

OSV
added 2021/09/15 9:40 a.m. · 20 views

RLSA-2021:3547 Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: SVM nested virtualization issue in KVM AVIC support (CVE-2021-3653) For more details about the security issues, including the impact...

8.8 CVSS · 8 AI score · 0.00413 EPSS
Exploits: 1 · References: 2

Huntr
added 2021/09/12 5:30 p.m. · 15 views

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

✍️ Description A malicious actor is able to add a malicious payload as a Family Tree Title, and after clicking the Family Tree nav button from the My Pages Menu, the XSS payload is executed. 🕵️‍♂️ Proof of Concept 1;Create a new family tree, either when logging in after install for the first time, or...

2.1 AI score
Exploits: 0

RedHat Linux
added 2021/09/07 3:2 p.m. · 87 views

Moderate: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.8 CVSS · 6.7 AI score · 0.00356 EPSS
Exploits: 2 · References: 2

AlpineLinux
added 2021/08/31 5:10 p.m. · 41 views

CVE-2021-39135

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

8.2 CVSS · 8.2 AI score · 0.00514 EPSS
Exploits: 0

RedHat Linux
added 2021/08/31 8:56 a.m. · 112 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

8.7 CVSS · 6.6 AI score · 0.78684 EPSS
Exploits: 24 · References: 5

vulnersOsv
added 2021/08/25 8:58 p.m. · 0 views

orbtk (>=0.3.0 <=0.3.1-alpha-1), orbtk-api (>=0.3.0-alpha1 <=0.3.1-alpha2) +2 more potentially affected by CVE-2020-36459 via dces (=0.2.0)

dces CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on dces and may be impacted: - orbtk =0.3.0, =0.3.0-alpha1, =0.3.0-alpha1, =0.3.0-alpha1, =0.3.1-alpha2 Source cves: CVE-2020-36459 Source advisory: OSV:GHSA-HXW9-JXQW-JC8J...

8.1 CVSS · 7.2 AI score · 0.01098 EPSS
Exploits: 1

Github Security Blog
added 2021/08/25 8:44 p.m. · 28 views

Uncontrolled recursion in ammonia

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...

7.5 CVSS · 2.7 AI score · 0.01411 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2021/08/20 10:15 p.m. · 3 views

CVE-2021-21828

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...

9.8 CVSS · 7.5 AI score · 0.01136 EPSS
Exploits: 1 · References: 1

OSV
added 2021/08/20 10:15 p.m. · 2 views

CVE-2021-21827

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An...

9.8 CVSS · 7.5 AI score
Exploits: 0 · References: 1

OSV
added 2021/08/19 10:15 p.m. · 3 views

DEBIAN-CVE-2020-18897

A use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DoS) or execute arbitrary code via a crafted pff file...

7.8 CVSS · 7.9 AI score · 0.00522 EPSS
Exploits: 1 · References: 1

OSV
added 2021/08/10 12:10 p.m. · 34 views

RLSA-2021:3088 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609) kernel: Improper handling of VM_IO|VM_PFNMAP vmas ...

7.8 CVSS · 8.2 AI score · 0.78684 EPSS
Exploits: 23 · References: 4

Positive Technologies
added 2021/08/10 12:0 a.m. · 3 views

PT-2021-7820 · At&T · At&T Labs Xmill

Name of the Vulnerable Software and Affected Versions: AT&T Labs Xmill version 0.7 Description: A heap-based buffer overflow issue exists in the XML Decompression DecodeTreeBlock functionality. Within DecodeTreeBlock, which is called during the decompression of an XMI file, a UINT32 is loaded fro...

9.8 CVSS · 8.6 AI score · 0.01136 EPSS
Exploits: 1 · References: 13

OSV
added 2021/08/03 1:57 a.m. · 11 views

GSD-2021-1001287 dm btree remove: assign new_root only when removal succeeds

dm btree remove: assign new_root only when removal succeeds. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.51 by commit...

7.2 AI score
Exploits: 0

CNNVD
added 2021/07/30 12:0 a.m. · 3 views

MISP cross-site scripting vulnerability

MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics, and has features such as threat network security event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP, which stems from...

5.4 CVSS · 5.2 AI score · 0.00587 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2021/07/30 12:0 a.m. · 5 views

PT-2021-21856 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.147 Description: The issue allows Stored XSS when viewing galaxy cluster relationships. This occurs in the app/View/Elements/GalaxyClusters/view_relation_tree.ctp file. Recommendations: For MISP version 2.4.147, consider...

5.4 CVSS · 5.1 AI score · 0.00587 EPSS
Exploits: 0 · References: 5

CVE
added 2021/07/30 12:0 a.m. · 77 views

CVE-2021-37742

Summary: CVE-2021-37742 affects MISP 2.4.147 with a Stored XSS in the view file app/View/Elements/GalaxyClusters/view_relation_tree.ctp when viewing galaxy cluster relationships. The issue originates from that view template; exploitation could occur in the user’s browser when rendering the affect...

5.4 CVSS · 5.1 AI score · 0.00587 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OpenVAS
added 2021/07/27 12:0 a.m. · 8 views

Fedora: Security Advisory for libbpf (FEDORA-2021-4786624190)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 · References: 2