8221 matches found

Github Security Blog
added 2021/08/25 8:44 p.m., 23 views

Use after free in image

Affected versions of this crate would call Vec::set_len on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

CVSS: 9.8, AI score: 9.2, EPSS: 0.02478
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2021/08/25 7:15 p.m., 1 view

UBUNTU-CVE-2021-21849

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked...

CVSS: 8.8, AI score: 7.6, EPSS: 0.01695
Exploits: 1, References: 5
OSV
added 2021/08/25 2:43 p.m., 1 view

GHSA-27J5-4P9V-PP67 `std::abort` raised from `TensorListReserve`

Impact: Providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements: python import tensorflow as tf tf.raw_ops.TensorListReserve element_shape = tf.constant1,...

CVSS: 5.7, AI score: 5.8, EPSS: 0.00152
Exploits: 0, References: 7
CNNVD
added 2021/08/25 12:0 a.m., 3 views

vaadin code issue vulnerability

Vaadin is an open source platform for web application development from Finnish company Vaadin. The Vaadin platform consists of a set of web components, a Java web framework, and a set of tools and application launchers...

CVSS: 4.3, AI score: 5.1, EPSS: 0.00594
Exploits: 0, References: 2
GitLab Advisory Database
added 2021/08/25 12:0 a.m., 6 views

Free of uninitialized memory in adtensor

An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01326
Exploits: 1, References: 5, Affected Software: 1
GitLab Advisory Database
added 2021/08/25 12:0 a.m., 5 views

Double free in algorithmica

An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause...

CVSS: 7.5, AI score: 7, EPSS: 0.00961
Exploits: 0, References: 4, Affected Software: 1
RedHat Linux
added 2021/08/24 10:1 a.m., 2 views

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00438
Exploits: 0, References: 6
RedHat Linux
added 2021/08/24 10:1 a.m., 4 views

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00521
Exploits: 0, References: 8
CNVD
added 2021/08/24 12:0 a.m., 108 views

Adobe Illustrator 2021 OS Command Injection Vulnerability

Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 version 25.2.3 and earlier is vulnerable to a security flaw. An attacker can exploit this vulnerability to achieve arbitrary code execution in the context of the current user...

CVSS: 9.3, AI score: 5.3, EPSS: 0.01917
Exploits: 0, References: 1
CNNVD
added 2021/08/24 12:0 a.m., 10 views

mootools security vulnerability

mootools is a library for web development with OOP support. A security vulnerability exists in mootools that allows an attacker to pass untrusted input to the application's Object.merge...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00889
Exploits: 1, References: 1
Tenable Nessus
added 2021/08/24 12:0 a.m., 55 views

RHEL 7 : microcode_ctl (RHSA-2021:3255)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3255 advisory. The microcode_ctl packages provide microcode updates for Intel. Security Fixes: hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00587
Exploits: 0, References: 21
CNVD
added 2021/08/23 12:0 a.m., 19 views

Adobe Illustrator 2021 Memory Corruption Vulnerability (CNVD-2021-74110)

Adobe Illustrator 2021 is a vector drawing software. A memory corruption vulnerability exists in Adobe Illustrator 2021 25.2.3 and earlier versions when processing specially crafted files. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS: 9.3, AI score: 8.1, EPSS: 0.02976
Exploits: 0, References: 1
CNNVD
added 2021/08/23 12:0 a.m., 3 views

firefly-iii cross-site request forgery vulnerability

firefly-iii is a free and open source personal finance manager. firefly-iii suffers from a cross-site request forgery vulnerability, which can be exploited by attackers to conduct cross-site request forgery attacks...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00501
Exploits: 1, References: 3
CNVD
added 2021/08/23 12:0 a.m., 143 views

Adobe Illustrator 2021 out-of-bounds read vulnerability

Adobe Illustrator 2021 is a vector drawing software. Adobe Illustrator 2021 25.2.3 and earlier versions contain an out-of-bounds read vulnerability when handling specially crafted files. An attacker could exploit this vulnerability to cause a memory leak...

CVSS: 4.3, AI score: 4.9, EPSS: 0.01212
Exploits: 0, References: 1
Tenable Nessus
added 2021/08/22 12:0 a.m., 47 views

openSUSE 15 Security Update : java-1_8_0-openjdk (openSUSE-SU-2021:1176-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1176-1 advisory. - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Support...

CVSS: 7.5, AI score: 6.5, EPSS: 0.04238
Exploits: 0, References: 13
CNVD
added 2021/08/19 12:0 a.m., 18 views

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64077)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

CVSS: 8.8, AI score: 3.3, EPSS: 0.0201
Exploits: 1, References: 1
CNVD
added 2021/08/19 12:0 a.m., 13 views

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64079)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

CVSS: 8.8, AI score: 3.3, EPSS: 0.02019
Exploits: 1, References: 1
NVD
added 2021/08/18 7:15 p.m., 17 views

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

CVSS: 7.5, EPSS: 0.01262
Exploits: 0, References: 2
NVD
added 2021/08/18 7:15 p.m., 7 views

CVE-2020-25927

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

CVSS: 7.5, EPSS: 0.0227
Exploits: 0, References: 3
Prion
added 2021/08/18 7:15 p.m., 12 views

Design/Logic Flaw

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

CVSS: 5, AI score: 8.4, EPSS: 0.0227
Exploits: 0, References: 3, Affected Software: 1