Design/Logic Flaw

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. getformatinfo can cause a use-after-free...

Rust libpulse-binding crate 安全漏洞

Rust libpulse-binding crate is the repository that contains sys FFI and binding libraries crates for connecting to PulseAudio PA from the Rust programming language. A security vulnerability exists in Rust libpulse-binding crate versions prior to 2.6.0, which stems from a boundary error in the...

Rust libpulse-binding crate资源管理错误漏洞

Rust libpulse-binding crate is a repository containing sys FFI and binding libraries crates for connecting to PulseAudio PA from the Rust programming language.Mozilla Rust libpulse-binding crate memory corruption vulnerability, which stems from a security flaw in A security vulnerability exists i...

Rust libpulse-binding crate 资源管理错误漏洞

Rust libpulse-binding crate is the repository that contains sys FFI and binding libraries crates for connecting to PulseAudio PA from the Rust programming language. A security vulnerability exists in versions of Rust libpulse-binding crate prior to 1.2.1 that can lead to resource management error...

CVE-2018-25027

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. getformatinfo can cause a use-after-free...

CVE-2018-25027

CVE-2018-25027 affects the Rust libpulse-binding crate prior to 1.2.1. The issue is a use-after-free in objects returned by get_format_info (and get_context per related advisories), leading to potential memory safety problems in PulseAudio bindings. Affected component: libpulse-binding (Rust crat...

CVE-2018-25028

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. getcontext can cause a use-after-free...

CVE-2018-25028

CVE-2018-25028 affecting the Rust libpulse-binding crate prior to 1.2.1. The issue is a use-after-free in get_context (memory corruption risk) due to improper handling of underlying C objects. Public sources consistently describe this as a use-after-free vulnerability in the library, with multipl...

CVE-2019-25055

The CVE-2019-25055 entry concerns the libpulse-binding crate for Rust (pre-2.6.0). The issue is a panic that is mishandled across an FFI boundary, causing undefined behavior. Affected versions prior to 2.6.0 expose a boundary error in the FFI during panic propagation; this is the underlying root ...

CVE-2019-25055

An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface FFI boundary...

[SECURITY] Fedora 34 Update: tang-11-1.fc34

Tang is a small daemon for binding data to the presence of a third party...

[SECURITY] Fedora 35 Update: tang-11-1.fc35

Tang is a small daemon for binding data to the presence of a third party...

[SECURITY] [DSA 5025-1] tang security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5025-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2021 https://www.debian.org/security/faq -...

The vulnerability of the embedded software of NETGEAR routers such as NETGEAR GC108P, NETGEAR GC108PP, NETGEAR GS108Tv3, NETGEAR GS110TPP, NETGEAR GS110TPv3, NETGEAR GS110TUP, NETGEAR GS308T, NETGEAR GS310TP, NETGEAR GS710TUP, NETGEAR GS716TP, NETGEAR GS716TPP, NETGEAR GS724TPP, NETGEAR GS724TPv2, NETGEAR GS728TPPv2, NETGEAR GS728TPv2, NETGEAR GS750E, NETGEAR GS752TPP, NETGEAR GS752TPv2, NETGEAR MS510TXM, and NETGEAR MS510TXUP arises due to synchronization errors when using a shared resource. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the embedded software of NETGEAR routers such as NETGEAR GC108P, NETGEAR GC108PP, NETGEAR GS108Tv3, NETGEAR GS110TPP, NETGEAR GS110TPv3, NETGEAR GS110TUP, NETGEAR GS308T, NETGEAR GS310TP, NETGEAR GS710TUP, NETGEAR GS716TP, NETGEAR GS716TPP, NETGEAR GS724TPP, NETGEAR GS724TPv2...

CVE-2021-0769

In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

Seafile 安全漏洞

Seafile is an open source enterprise cloud disk from Haven Hootsuite Network Technologies. The product features Markdown WYSIWYG editing, Wiki, file labeling, and more. Seafile has a security vulnerability that stems from the use of synchronization tokens in the Seafile file synchronization...

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

PUB-A-192475653

In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...