libfetch 缓冲区错误漏洞

libfetch is a browser extension that makes it easier to access the content of electronic resources subscribed to by the NIE Library. A buffer error vulnerability exists in libfetch that stems from incorrectly handling strings of numbers for the FTP and HTTP protocols. the FTP passive mode...

golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...

ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?

A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...

Miniaudio 安全漏洞

Miniaudio is a single-file audio playback and capture library written in C. A buffer overflow vulnerability exists in Miniaudio version 0.10.35. The vulnerability stems from an out-of-bounds left shift of drwavbytestou32 in miniaudio.h. No detailed vulnerability details are currently available."...

glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits

An integer wraparound was discovered in glib due to passing a 64 bit sized value to function gmemdup which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses gbytesnew function or possibly other functions that use gmemdup...

SUSE: Security Advisory (SUSE-SU-2019:14163-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2021-32027

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

Out-of-bounds

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run

A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability...

kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run

A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability...

golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The...

PT-2021-8194 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a function in the Linux kernel's amdgpu driver, specifically the validate bksv function in the hdcp1 execution.c module. This function is vulnerable to a buffer...

Denial of Service (DoS)

Overview @nubosoftware/node-static is a simple, compliant file streaming module for node Affected versions of this package are vulnerable to Denial of Service DoS. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and cras...

CVE-2021-32027

A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

Linux/x86 - setreuid(0) + execve(/bin/sh) Shellcode (29 bytes)

/ Author: Artur ajes Szymczak 2021 Function: Linux x86 shellcode, setreuid to 0 and then execute /bin/sh Size: 29 bytes Testing: $ gcc -fno-stack-protector -z execstack shellcodetester.c -o shellcode shellcodetester.c: In function ‘main’: shellcodetester.c:25:2: warning: incompatible implicit...

Denial Of Service (DoS)

Rust is vulnerable to denial of service. The optimization for joining strings can cause uninitialized bytes to be exposed or lead to an application crash...

Mozilla Rust Formatting String Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A format string error vulnerability exists in the standard library in versions of Rust prior to 1.52.0, which stems from the fact that if the length of a borrowed string is changed after checking it, it could...

Archives may contain uninitialized memory

rkyv is a serialization framework that writes struct-compatible memory to be stored or transmitted. During serialization, struct padding bytes and unused enum bytes may not be initialized. These bytes may be written to disk or sent over unsecured channels...

In the standard library in Rust before 1.52.0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

...

CVE-2020-36323

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...