RUSTSEC-2021-0042 insert_many can drop elements twice on panic
Affected versions of insert_many used ptr::copy to move over items in a vector to make space before inserting, duplicating their ownership. It then iterated over a provided Iterator to insert the new items. If the iterator's .next method panics then the vector would drop the same elements twice...
Winmail Code Issue Vulnerability
Winmail is a server-side application used to provide email services by Suzhou Huazhao Technology Winmail Company in China. A code issue vulnerability exists in Winmail version 6.5. An attacker can exploit this vulnerability to cause the server to send requests to a specific URL...
CVE-2021-2107
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2021-2025
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Web General. Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker wi...
CVE-2021-1994
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...
CVE-2021-2129
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
CVE-2021-2071
CVE-2021-2071 affects Oracle PeopleSoft Enterprise PeopleTools, specifically the Elastic Search component, with affected versions 8.56, 8.57, and 8.58. The vulnerability is exploitable over HTTP by an unauthenticated, network-accessing attacker and can lead to takeover of PeopleSoft Enterprise Pe...
The vulnerability of the SVG markup language implementation in Mozilla Firefox browsers allows attackers to compromise data integrity.
The vulnerability of the SVG markup language implementation in Mozilla Firefox’s browser is related to the lack of a mechanism for checking the tags. These tags can, in turn, utilize tags. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...
Weseek GROWI Cross-Site Scripting Vulnerability
WESEEK GROWI is a suite of team collaboration software from Weseek Japan. A cross-site scripting vulnerability exists in WESEEK GROWI, which can be exploited by a remote attacker to inject arbitrary script via an unspecified vector...
Design/Logic Flaw
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy running with...
CVE-2020-1865
There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM messages. An adjacent attacker could send crafted PIM messages to the device; a successful exploit could cause an out-of-bounds read when the...
CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability
Microsoft Defender Remote Code Execution Vulnerability. Recent assessments: cdelafuente-r7 at January 13, 2021 3:55pm UTC reported: No useful information has been published so far and most of the speculations found online are based on the CVSS 3.0 metrics found in the advisory. That said, the atta...
RUSTSEC-2021-0045 FromIterator implementation for Vector/Matrix can drop uninitialized memory
The FromIterator methods for Vector and Matrix rely on the type parameter N to allocate space in the iterable. If the passed in N type parameter is larger than the number of items returned by the iterator, it can lead to uninitialized memory being left in the Vector or Matrix type which gets...
Security Bulletin: NVIDIA GPU Display Driver - January 2021
NVIDIA has released a software security update for NVIDIA® GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, data tampering, or information disclosure. To protect your system, download and install this software update from the NVIDIA...
CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads...
Nextcloud Cross-Site Scripting Vulnerability
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.3.0. The vulnerability stems from a missing file type check. An attacker can exploit this vulnerability by uploading a malicious SVG file to conduct a...
Kozea CairoSVG Resource Management Error Vulnerability
Kozea CairoSVG is a Python based program from the Kozea community that converts SVG files to PDF, EPS, PS and PNG files. A resource management error vulnerability exists in versions of CairoSVG prior to 2.5.1, which can be exploited by an attacker to deliver a malicious SVG and cause the program ...