CVE-2021-21602

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

xorg-x11-server: Out-of-bounds access in XkbSetMap function

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

IBM Connect:Direct for UNIX 授权问题漏洞

IBM Connect: Direct for UNIX is the United States IBM a point-to-point can support multi-platform transfer of data between the tool software. The software supports z/OS, VSE, AS/400, UNIX IBM, SUN, HP, etc., LINUX, Windows and other 18 platforms, in addition to providing C, C + + +, JAVA,...

golang: malicious symbol names can lead to code execution at build time

An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...

php: Information disclosure in exif_read_data()

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

Mozilla: Use-after-free in WebRequestService

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

bind: incorrect enforcement of update-policy rules of type "subdomain"

A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are treated as if they were of type "zonesub" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity...

bind: incorrect enforcement of update-policy rules of type "subdomain"

A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are treated as if they were of type "zonesub" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity...

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory OOM issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

batik: SSRF via "xlink:href"

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds OOB read vulnerability has been detected in securityfipsdecrypt in libfreerdp/core/security.c due to an uninitialized value...

SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c

SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMSADPCM in audio/SDLwave.c inside the wNumCoef loop...

SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c

SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMSADPCM in audio/SDLwave.c outside the wNumCoef loop...

SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c

SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDLLoadWAVRW in audio/SDLwave.c...