5256 matches found
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the scratchpad crate before 1.3.1 for Rust, which stems from a possible double free in the move elements function. No details of the vulnerability are currently available...
The vulnerability of the Magento Commerce software development and management platform lies in its lack of measures to neutralize special elements used in the operating system, allowing attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software development and management platform is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the module for scheduled operations on the Magento Commerce software development and management platform allows a hacker to execute arbitrary code.
The vulnerability of the module for scheduled operations on the Magento Commerce software platform relates to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the WebAPI interface of the Magento Commerce software development and management platform allows a perpetrator to execute arbitrary code.
The vulnerability of the WebAPI interface of the Magento Commerce software development and management platform relates to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Fedora 32 : kernel (2021-8d45d297c6)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8d45d297c6 advisory. - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant...
CVE-2021-23974
The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...
The vulnerability in the Junos operating system’s license-check mechanism allows a perpetrator to execute arbitrary commands with root privileges.
The vulnerability of the Junos operating system’s license-check mechanism is related to the failure to implement measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...
Race condition
Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired...
Multiple memory safety issues in insert_row
When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...
SliceDeque::drain_filter can double drop an element if the predicate panics
Affected versions of the crate incremented the current index of the drain filter iterator before calling the predicate function self.pred. If the predicate function panics, it is possible for the last element in the iterator to be dropped twice...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an omission of errors that effectively imply the success of related batch elements. No details of the...
The vulnerability of the command-line interface of Cisco IOS XR routers from the Network Convergence System 540 Series and Cisco 8000 Series allows an attacker to elevate their privileges to the root level.
The vulnerability of the command-line interface of Cisco IOS XR routers from the Network Convergence System 540 Series and Cisco 8000 Series exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command. Exploiting this vulnerability can allow...
VulnCheck KEV: CVE-2013-3896
Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application...
CVE-2021-20206
An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the type field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an...
Oracle Linux 6 : thunderbird (ELSA-2020-5238)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5238 advisory. 78.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.5.0-1 - Update to 78.5.0 build3 Tenable has...
insert_slice_clone can double drop if Clone panics.
Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...
The vulnerability of Adobe Download Manager, related to incorrect elimination of special elements in the output data used by the incoming component, allows a hacker to execute arbitrary code.
The vulnerability of Adobe Download Manager is related to the incorrect elimination of certain elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the chrome-launcher software arises from the lack of measures taken to neutralize special elements, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the chrome-launcher software exists due to the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Qualcomm Wlan Firmware Buffer Error Vulnerability
Qualcomm Wlan Firmware is a Wlan support firmware from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Wlan Firmware that originates from a buffer over-read due to improper IE length checking in receive beacons...
Qualcomm Chip Security Breach
A Qualcomm chip is a chip from Qualcomm Incorporated USA. Chips are a way to miniaturize circuits (mainly semiconductor devices, but also passive components, etc.) and are often fabricated on the surface of semiconductor wafers. The Qualcomm chip suffers from a security vulnerability that stems from...