CVE-2021-29937
An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size()...
Information disclosure
An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...
CVE-2021-29936
CVE-2021-29936 affects the adtensor crate for Rust. The FromIterator implementation for Vector and Matrix can drop uninitialized memory, due to its allocation logic, constituting a memory-safety issue. NVD metrics list a high/critical impact (CVSS v3.1: 9.8) with network access requirements. The ...
CVE-2021-29936
An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...
phpPgAdmin 7.13.0 Command Execution
Exploit Title: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution Authenticated Date: 29/03/2021 Exploit Author: Valerio Severini Vendor Homepage: Software Link: https://github.com/phppgadmin/phppgadmin/releases/tag/REL7-13-0 Version: 7.13.0 or lower Tested on: Debian 10 and Ubuntu...
Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
The Jetpack Scan team identified a Local File Disclosure vulnerability in the plugin that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in t...
DEBIAN-CVE-2021-3446
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the calle...
UBUNTU-CVE-2021-3446
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the calle...
Arch Linux libtpms Security Feature Issue Vulnerability
Arch Linux libtpms is an open source application from Arch Linux (US). It is a library that provides software emulation of Trusted Platform Modules (TPM 1.2 and TPM 2.0). Arch Linux libtpms 0.8.2 suffers from a security feature issue vulnerability that stems from not returning the last initialization vector, b...
Fedora: Security Advisory for qt5-qtsvg (FEDORA-2021-a95a40b78b)
The remote host is missing an update for the...
Hobby Lobby Exposes Customer Data in Cloud Misconfiguration
Arts-and-crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing a raft of customer information, according to a report. An independent security researcher who goes by the handle “Boogeyman” uncovered the issue and reported it to Motherboard in an online chat, according ...
Huawei Manageone Local Elevation of Privilege Vulnerability
Huawei Manageone is a cloud data center management solution from Huawei China. Huawei Manageone supports unified management of heterogeneous cloud resource pools and provides multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis,...
Thomas Mortagne xwiki-platform SQL Injection Vulnerability
Xwiki Platform is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to SQL injection, which can be exploited by attackers to inject SQL statements for execution...
The vulnerability of the `expand_downwards` function in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the `expand_downwards` function in the Linux kernel relates to the assignment of the null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2018-3620
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...
[SECURITY] Fedora 34 Update: batik-1.14-1.fc34
Batik is a Java(tm) technology-based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...
HelloKitty: When Cyberpunk met cy-purr-crime
On February 9, after discovering a compromise, CD Projekt Red (CDPR) announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems and made it clear they would not yield to the demands of the threat actors, nor negotiate. Cyberpunk 2077, the late...
[SECURITY] Fedora 33 Update: qt5-qtsvg-5.15.2-3.fc33
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
Rising Demand for DDoS Protection Software Market By 2020-2028
A Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds ...
Metamorfo Banking Trojan Abuses AutoHotKey
The Metamorfo banking trojan is abusing AutoHotKey (AHK) and the AHK compiler to evade detection and steal users’ information, researchers have warned. AHK is a scripting language for Windows originally developed to create keyboard shortcuts (i.e., hot keys). According to the Cofense Phishing Defense...