sqlite security update

An update is available for sqlite. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SQLite is a C library that implements an SQL database engine. A large subset o...

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

Google Android 资源管理错误漏洞

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA. an elevation of privilege vulnerability exists in the Google Android Kernel component ION, which could be exploited by an attacker to cause a local elevation of privilege without...

NewStart CGSL CORE 5.05 / MAIN 5.05 : grub2 Multiple Vulnerabilities (NS-SA-2021-0139)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw...

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

AZL-61842 CVE-2021-32762 affecting package pcp 6.3.2-1

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

CVE-2021-32762 Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

Memory corruption in smallvec

Attempting to call grow on a spilled SmallVec with a value less than the current capacity causes corruption of memory allocator data structures. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution...

Wind River VxWorks < 7.0 Multiple Vulnerabilities

According to its self-reported version, the remote device is Wind River VxWorks and it's affected by multiple vulnerabilities: - The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller...

RUSTSEC-2021-0082 vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...

vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...

OSV-2021-998 Dynamic-stack-buffer-overflow in std::__1::__wrap_iter<char const*>::__wrap_iter

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36137 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: std::1::wrapiter::wrapiter std::1::basicstring, std::1::allocatorch geos::io::StringTokenizer::StringTokenizer...

OSV-2021-950 Dynamic-stack-buffer-overflow in std::__1::__wrap_iter<hsql::Expr**>::__wrap_iter

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35944 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: std::1::wrapiter::wrapiter std::1::vector ::makeiter std::1::vector ::begin...

CVE-2020-36400

A flaw has been identified in zeromq. A heap-based buffer overflow is possible in zmq::tcpread by resizing a fixed static allocator. The highest threat from this vulnerability is to system availability...

RUSTSEC-2021-0145 Potential unaligned read

On windows, atty dereferences a potentially unaligned pointer. In practice however, the pointer won't be unaligned unless a custom global allocator is used. In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment. atty is Unmaintained A Pull Reques...

Potential unaligned read

On windows, atty dereferences a potentially unaligned pointer. In practice however, the pointer won't be unaligned unless a custom global allocator is used. In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment. atty is Unmaintained A Pull Reques...

CVE-2021-28693

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules e.g. kernel, initramfs... in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the...

Arbitrary Code Execution

unbound is vulnerable to arbitrary code execution. An integer overflow in the regional allocator via the ALIGNUP macro allows an attacker to execute arbitrary code on the host OS...