6 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-20149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by...
Rainbow Artifacts from Electromagnetic Signal Injection Attacks on Image Sensors
Image sensors are integral to a wide range of safety- and security-critical systems, including surveillance infrastructure, autonomous vehicles, and industrial automation. These systems rely on the integrity of visual data to make decisions. In this work, we investigate a novel class of...
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name as demonstrated by 'constructor': {'name':'Symbol'}. Hence a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
...
GSD-2021-1002562 net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
net/mlx4en: Fix an use-after-free bug in mlx4entryallocresources This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.7 by commit...
UVI-2021-1001466 usb: max-3421: Prevent corruption of freed memory
usb: max-3421: Prevent corruption of freed memory This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.277 by commit...
DEBIAN-CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...