979 matches found
GHSA-X76R-966H-5QV9 Out-of-bounds Write in vec-const
An issue was discovered in the vec-const crate before 2.0.0 for Rust. It tries to construct a Vec from a pointer to a const slice, leading to memory corruption...
Resource Exhaustion Denial of Service in http-proxy-agent
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
GHSA-86WF-436M-H424 Resource Exhaustion Denial of Service in http-proxy-agent
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
Arbitrary Code Injection
Overview: accesslog is a simple common/combined access log middleware. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package...
Usage of an incorrect version of ERC20Permit contract can give unknown token with 0 decimals after upgrade.
Handle: Jujic. Vulnerability details. Impact: Based on the context and comments in the code, the Malt.sol contract is designed to be deployed as an upgradeable proxy contract. In Solidity, code that is inside a constructor or part of a global variable declaration is not part of a deployed contract’s...
Unbounded feeBurnRate and marginBurnRate
Handle: gzeon. Vulnerability details. Impact: There are no checks when setting feeBurnRate and marginBurnRate in OverlayV1Mothership constructor and adjustGlobalParams, if one of the 2 variables is set to any value FixedPoint.ONE i.e. 1e18 it would lead to underflow at OverlayV1OVLCollateral:L147 and...
setReserve() can be front-run
Handle: palina. Vulnerability details. Impact: The reserve address variable in NestedFactory.sol remains equal to 0 before the setReserve function is called by an owner. This may lead to incorrect transfers of tokens or invalid comparison with e.g., the asset reserve nestedRecords.getAssetReservenftI...
Mozilla Firefox Security Advisory (MFSA2013-42) - Linux
This host is missing a security update for Mozilla Firefox.
Prototype Pollution
dotty is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the put function and modify attributes such as `__proto__`, `constructor`, and `prototype`...
Prevent execution with invalid signatures
Handle: gpersoon. Vulnerability details. Impact: Suppose one of the supplied addrs[i] to the constructor of Identity.sol happens to be 0 by accident. In that case: privileges[0] = 1. Now suppose you call execute with an invalid signature, then recoverAddrImpl will return a value of 0 and thus signer=0. If...
GHSA-PGJJ-866W-FC5C Risk of code injection
Impact: Some routes use eval or Function constructor, which may be injected by the target site with unsafe code, causing server-side security issues. Patches: Temporarily removed the problematic route and added a no-new-func rule to eslint. Self-built users should upgrade to 7f1c430 and later as soon...
Deserialization of untrusted data
cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de dated 2021-09-30 contains a patch. There are no available workarounds asid...
Cwlviewer Code Issue Vulnerability
Cwlviewer is a web application for viewing and sharing workflows in the Common Workflow Language. A code issue vulnerability exists in cwlviewer that stems from the SnakeYaml constructor allowing parsing of any data...
Remote Code Execution (RCE)
ghost is vulnerable to remote code execution. The vulnerability exists due to a command injection in nodemailer dependency which allows scripts to be executed in the constructor of the GhostMailer function...
CVE-2021-39549
An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function file::WavFile::WavFile located in wavfile.c. It allows an attacker to cause Denial of Service...
CVE-2021-32299
An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbrt::ParamSet::ParamSet located in paramset.h. It allows an attacker to cause code execution...
The vulnerability of the VDasher constructor in the Lottie playback library, related to data type conversion errors, allows attackers to access confidential data.
The vulnerability of the VDasher compiler’s Lottie animation playback library Rlottie is related to data type conversion errors. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data through a malicious animated sticker...
cumulativePower check should be inclusive
Handle: pauliax. Vulnerability details. Impact: Based on my understanding cumulativePower checks should be inclusive to indicate when the threshold is met. Otherwise, it might be impossible to reach it in certain cases e.g. when 100% power is required. Replace '' with '=' in constructor and functi...
Out of bounds read in fltk
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of-bounds read because the pixmap constructor lacks pixmap input validation...
GHSA-VJMG-PC8H-P6P8 Out of bounds read in fltk
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of-bounds read because the pixmap constructor lacks pixmap input validation...