216 matches found
CVE-2021-29777
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031...
GSD-2021-1000305 async_xor: increase src_offs when dropping destination page
asyncxor: increase srcoffs when dropping destination page This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
Security update for postsrsd (moderate)
openSUSE Security Update: Security update for postsrsd Announcement ID: openSUSE-SU-2021:0646-1 Rating: moderate References: 1180251 Cross-References: CVE-2020-35573 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for postsrs...
PasswordState password manager’s update hijacked to drop malware
By Habiba Rashid The customers were warned through an email that confirmed that the PasswordState software update feature had been compromised. This is a post from HackRead.com Read the original post: PasswordState password managers update hijacked to drop malware...
CVE-2021-29933
An issue was discovered in the insertmany crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next method panics...
CVE-2021-29933
An issue was discovered in the insertmany crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next method panics...
CVE-2021-23007
On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel TMM process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development EoSD are not evaluated...
RUSTSEC-2021-0018 insert_slice_clone can double drop if Clone panics.
Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...
insert_slice_clone can double drop if Clone panics.
Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...
CentOS 8 : zsh (CESA-2020:0903)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0903 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option CVE-2019-20044 Note that Nessus has not tested for this issue but has instead relied onl...
`FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory
Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...
RUSTSEC-2020-0132 `FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory
Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...
NAT Slipstreaming (CVE-2020-28041)
SonicWall Firewalls are not vulnerable to the NAT Slipstreaming attack.SonicWall Firewall does not open an alternative port set in the SIP packet header, results in an invalid connection, and packets are dropped. CVE: CVE-2020-28041 Last updated: Dec. 15, 2020, 9:41 p.m...
USN-4616-2: AccountsService vulnerabilities
USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause...
postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption...
DEBIAN-CVE-2020-24330
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed...
GitHub Security Lab: CPP: Out of order Linux permission dropping without checking return codes
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CPP: Out of order Linux permission dropping without checking return codes
This bug was reported directly to GitHub Security Lab...
Important: Red Hat Security Advisory: zsh security update
An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
zsh: insecure dropping of privileges when unsetting PRIVILEGED option
A flaw was found in zsh. When unsetting the PRIVILEGED option, the shell sets its effective user and group IDs to match their respective real IDs. When the RUID and EUID were both non-zero, it is possible to regain the shell's former privileges. Also, the setopt built-in did not correctly report...