197 matches found
CVE-2021-31919
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct...
Rust rkyv crate 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust rkyv crate versions prior to 0.6.0, which stems from the fact that when an archive is created via serialization, the contents of the archive may contain uninitialized valu...
Vault rewards last claim time not always initialized
Handle @cmichelio Vulnerability details Vulnerability Details The harvest calls calcCurrentReward which computes secondsSinceClaim = block.timestamp - mapMemberSynthlastTimemembersynth;. As one can claim different synths than the synths that they deposited, mapMemberSynthlastTimemembersynth might...
Unspecified Vulnerability in Eclipse OpenJ9
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse Openj9 version 0.25, which stems from the fact that the jdk.internal.reflect.ConstantPool API causes the JVM to pre-parse...
Design/Logic Flaw
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...
CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...
CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...
CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...
Rust buffer overflow vulnerability (CNVD-2021-29835)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in reorder crate for Rust 2021-02-24 and earlier, which stems from the fact that swapindex may return uninitialized values if the len returned by the iterator is too large...
CVE-2021-29942
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...
CVE-2021-29942
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...
Code injection
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...
CVE-2021-29942
CVE-2021-29942 affects the Rust reorder crate. The issue is in swap_index: if the iterator’s len() is too large, swap_index may return uninitialized values; if len() is too small, it can write out of bounds. In short, the vulnerability stems from incorrect use of iterator length hints in construc...
CVE-2021-29942
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...
Rust 缓冲区错误漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in reorder crate for Rust 2021-02-24 and earlier, which stems from the fact that swapindex may return uninitialized values if the len returned by the iterator is too large...
CVE-2021-29648
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolvedids and resolvedsizes are intentionally uninitialized in the vmlinux BPF Type Format BTF, which can cause a system crash upon an unexpected access attempt in mapcreate in...
CVE-2020-28588
A flaw read uninitialized values in the Linux kernel syscall implementation on 32 bit-systems was found in the way user reading /proc/self/syscall. A local user could use this flaw to read three 64 bits uninitialized values, but cannot control which values. The highest threat from this...
Arbitrary Code Execution
tensorflow is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the host OS via a saved model by triggering the use of uninitialized values during code execution...
CVE-2020-26266
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen...
PYSEC-2020-297
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen...