CVE-2021-36766

Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/singlepage/dashboard/system/environment/logging.php Logging::updatelogging method. User input passed through the logFile request parameter is not properly sanitized before being used in a ca...

Usage of deprecated ChainLink API in GasOracle

Handle cmichel Vulnerability details The Chainlink API latestAnswer used in the GasOracle oracle wrappers is deprecated: This API is deprecated. Please see API Reference for the latest Price Feed API. Chainlink Docs Impact It seems like the old API can return stale data. Checks similar to that of...

Lack of return value check or use of SafeERC20 wrappers for token transfers

Handle 0xRajeev Vulnerability details Impact ERC20 tokens are specified to return a boolean value on token transfer and transferFrom. However, tokens may not adhere to the spec and return no value for success/failure. Checking the return values of ERC20 token transfers is therefore important to...

CVE-2021-0540

In halWrapperDataCallback of halwrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

CVE-2021-0540

In halWrapperDataCallback of halwrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

...

CVE-2021-3565

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentialit...

UBUNTU-CVE-2021-3565

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentialit...

PT-2024-11260 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a potential memory leak in the DMUB hw init function of the Linux kernel's drm/amd/display module. This leak occurs during suspend/resume scenarios due to the...

Unhandled return value of transferFrom in timeLockERC20() could lead to fund loss for recipients

Handle 0xRajeev Vulnerability details Impact ERC20 implementations are not always consistent. Some implementations of transfer and transferFrom could return ‘false’ on failure instead of reverting. It is safer to wrap such calls into require statements or use safe wrapper functions implementing...

GPGME Go wrapper contains Use After Free

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

ALEA-2021:1755 new module: swig:4.0

The simplified wrapper and interface generator SWIG is a software development utility to connect C, C++, and Objective C programs with a variety of high-level programming languages. SWIG is used to create high-level interpreted programming environments, systems integration, and as a utility for...

SUSE SLES12 Security Update : xen (SUSE-SU-2021:1580-1)

This update for xen fixes the following issues : A recent systemd update caused a regression in 'xenstored.service' systemd now fails to track units that use systemd-notify. bsc1183790 Add a fix to delay between the call to 'systemd-notify' and the final exit of the wrapper script. bsc1185021,...

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android halwrapper.cc. An attacker can exploit this vulnerability to escalate privileges...

Multiple vulnerabilities through filename manipulation in Archive_Tar

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. See: https://github.com/pear/ArchiveTar/issues/33...

GHSA-M496-X567-F98C Fixes a bug in Zend Framework's Stream HTTP Wrapper

Impact CVE-2021-3007: Backport of ZendHttpResponseStream, added certain type checking as a way to prevent exploitation. https://vulners.com/cve/CVE-2021-3007 This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abus...

SUSE: Security Advisory (SUSE-SU-2016:1024-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary Code Execution

isolated-vm is vulnerable to arbitrary code execution. The vulnerability exists through the ability to instantiate NativeModule from the RAII wrapper, allowing the file upload API to create objects that could run native code...

Important: Red Hat Security Advisory: stunnel security update

An update for stunnel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

FHEM 信息泄露漏洞

FHEM is a Perl-based server-side program from the FHEM community for controlling smart devices for house automation. The program runs as a server and you can control it directly via web or smartphone front-end, telnet or TCP / IP to automate some common tasks in your home, such as switching on/of...