Lucene search
+L

197 matches found

Cvelist
Cvelist
added 2021/04/30 3:0 a.m.29 views

CVE-2021-31919

An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct...

7.7AI score0.01079EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.6 views

Rust rkyv crate 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust rkyv crate versions prior to 0.6.0, which stems from the fact that when an archive is created via serialization, the contents of the archive may contain uninitialized valu...

7.5CVSS5.5AI score0.01079EPSS
Exploits0References2
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.10 views

Vault rewards last claim time not always initialized

Handle @cmichelio Vulnerability details Vulnerability Details The harvest calls calcCurrentReward which computes secondsSinceClaim = block.timestamp - mapMemberSynthlastTimemembersynth;. As one can claim different synths than the synths that they deposited, mapMemberSynthlastTimemembersynth might...

6.9AI score
Exploits0
CNVD
CNVD
added 2021/04/22 12:0 a.m.7 views

Unspecified Vulnerability in Eclipse OpenJ9

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse Openj9 version 0.25, which stems from the fact that the jdk.internal.reflect.ConstantPool API causes the JVM to pre-parse...

6.5CVSS6.5AI score0.01104EPSS
Exploits1References1
Prion
Prion
added 2021/04/21 6:15 p.m.15 views

Design/Logic Flaw

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

6.4CVSS6.2AI score0.01104EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/04/21 6:15 p.m.3 views

CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

6.5CVSS6.3AI score0.01104EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/04/21 5:30 p.m.19 views

CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

6.8AI score0.01104EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2021/04/21 5:30 p.m.17 views

CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

6.6AI score0.01104EPSS
Exploits1References2
CNVD
CNVD
added 2021/04/16 12:0 a.m.9 views

Rust buffer overflow vulnerability (CNVD-2021-29835)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in reorder crate for Rust 2021-02-24 and earlier, which stems from the fact that swapindex may return uninitialized values if the len returned by the iterator is too large...

7.5CVSS7.1AI score0.009EPSS
Exploits1References1
OSV
OSV
added 2021/04/01 5:15 a.m.4 views

CVE-2021-29942

An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...

7.3CVSS7.1AI score0.009EPSS
Exploits2References1
NVD
NVD
added 2021/04/01 5:15 a.m.27 views

CVE-2021-29942

An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...

7.5CVSS0.009EPSS
Exploits1References1
Prion
Prion
added 2021/04/01 5:15 a.m.13 views

Code injection

An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...

7.5CVSS7.1AI score0.009EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/04/01 4:22 a.m.78 views

CVE-2021-29942

CVE-2021-29942 affects the Rust reorder crate. The issue is in swap_index: if the iterator’s len() is too large, swap_index may return uninitialized values; if len() is too small, it can write out of bounds. In short, the vulnerability stems from incorrect use of iterator length hints in construc...

7.5CVSS7AI score0.009EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/01 4:22 a.m.36 views

CVE-2021-29942

An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...

7.3AI score0.009EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/04/01 12:0 a.m.7 views

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in reorder crate for Rust 2021-02-24 and earlier, which stems from the fact that swapindex may return uninitialized values if the len returned by the iterator is too large...

7.5CVSS5.9AI score0.009EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/03/30 8:36 p.m.60 views

CVE-2021-29648

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolvedids and resolvedsizes are intentionally uninitialized in the vmlinux BPF Type Format BTF, which can cause a system crash upon an unexpected access attempt in mapcreate in...

5.5CVSS6.3AI score0.00284EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2021/02/25 6:35 p.m.36 views

CVE-2020-28588

A flaw read uninitialized values in the Linux kernel syscall implementation on 32 bit-systems was found in the way user reading /proc/self/syscall. A local user could use this flaw to read three 64 bits uninitialized values, but cannot control which values. The highest threat from this...

5.5CVSS0.8AI score0.011EPSS
Exploits1References4
Veracode
Veracode
added 2020/12/11 3:15 a.m.25 views

Arbitrary Code Execution

tensorflow is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the host OS via a saved model by triggering the use of uninitialized values during code execution...

5.3CVSS5.1AI score0.00243EPSS
Exploits1References3Affected Software3
OSV
OSV
added 2020/12/10 11:15 p.m.25 views

CVE-2020-26266

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen...

5.3CVSS5.3AI score
Exploits0References2
PyPA
PyPA
added 2020/12/10 11:15 p.m.7 views

PYSEC-2020-297

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen...

5.3CVSS7.5AI score0.00243EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder