597 matches found
Out of bounds write in stackvector
StackVec::extend used the lower and upper bounds from an Iterator's size_hint to determine how many items to push into the stack based vector. If the size_hint implementation returned a lower bound that was larger than the upper bound, StackVec would write out of bounds and overwrite memory on the...
[SECURITY] Fedora 34 Update: prosody-0.11.10-1.fc34
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
SNMP – Simply Not My Problem. Or is it?
TL;DR: Use SNMPv3; long gone are default community strings, hello complex passwords! Remove from the internet; if required, implement a VPN solution to restrict access to only authorised parties. SNMP is a protocol used for the remote management of devices on a network. By remote, we mean access...
Unbreakable Enterprise kernel security update
5.4.17-2102.202.5 - sctp: delay auto_asconf init until binding the first addr Xin Long Orabug: 32907967 CVE-2021-23133 CVE-2021-23133 - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860491 CVE-2021-31916 - uek-rpm: update kABI lists for the new symbols Saeed...
Prototype Pollution
Overview Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Recommendation Avoid using js-extend as there is no current safe version of this module References - CVE - GitHub Advisory...
Prototype pollution vulnerability in js-extend
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
GHSA-MH82-55CM-6GFH Prototype pollution vulnerability in js-extend
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
@ayk/registry (=1.0.0), @cag-group/google-api-tools (=0.3.1) +340 more potentially affected by CVE-2021-25945 via js-extend (>=0.0.1 <=1.0.1)
js-extend NPM version =0.0.1, =0.6.2, =2.1.12, =1.0.2, =3.4.1, =17.0.0, =1.0.0, =0.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2021-25945 Source advisory: OSV:GHSA-MH82-55CM-6GFH...
Unspecified vulnerability in js-extend
js-extend is a module for Npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
CVE-2021-25945
A flaw has been identified in js-extend. A prototype pollution vulnerability allows attackers to cause a denial of service and may lead to remote code execution. The highest threat from this vulnerability is to system availability...
Prototype Pollution
js-extend is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
CVE-2021-25945
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25945
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25945
CVE-2021-25945 affects the npm module js-extend (versions 0.0.1–1.0.1). A prototype pollution flaw is described as enabling denial of service and potentially remote code execution. The connected sources reiterate the vulnerability and recommend avoiding js-extend, but no concrete patch/version is...
js-extend security vulnerability
js-extend is a module for Npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
PYSEC-2021-87
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...
[SECURITY] Fedora 32 Update: prosody-0.11.9-1.fc32
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
Prototype Pollution in jalik/js-deep-extend
Description: Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype. An attacker...
GHSA-CG42-4WRC-GP47 Code Injection in node-extend
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of the extend function (A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution...
Code Injection in node-extend
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of the extend function (A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution...