Lucene search

4369 matches found

CVE
added 2022/02/16 4:37 p.m., 225 views

CVE-2021-22041

CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...

CVSS 6.7, AI score 7.1, EPSS 0.00552
Exploits: 0, References: 1, Affected Software: 4
OSV
added 2022/02/15 7:15 p.m., 8 views

AZL-41454 CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a...

CVSS 8.1, AI score 7.1, EPSS 0.0122
Exploits: 1, References: 1
OSV
added 2022/02/15 7:15 p.m., 3 views

DEBIAN-CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a...

CVSS 8.1, AI score 7.6, EPSS 0.0122
Exploits: 1, References: 1
OSV
added 2022/02/15 7:15 p.m., 2 views

UBUNTU-CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a...

CVSS 8.1, AI score 7.1, EPSS 0.0122
Exploits: 1, References: 5
CNNVD
added 2022/02/15 12:0 a.m., 3 views

VMware ESXi Race Condition Vulnerability

VMware ESXi is a server virtualization platform from VMware that can be installed directly on physical servers. A race condition vulnerability exists in VMware ESXi, which stems from a double fetch vulnerability in the product's UHCI USB controller. A remote user with...

CVSS 6.7, AI score 7.7, EPSS 0.00552
Exploits: 0, References: 4
VMware
added 2022/02/13 12:0 a.m., 229 views

VMSA-2022-0004: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities

Advisory ID: VMSA-2022-0004 CVSSv3 Range: 5.3-8.4 Issue Date: 2022-02-15 Updated On: 2022-02-15 Initial Advisory CVEs: CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities...

CVSS 7.8, AI score 7.8, EPSS 0.0228
Exploits: 0, References: 89, Affected Software: 4
Huntr
added 2022/02/12 5:7 p.m., 37 views

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...

AI score 6.7, EPSS 0.07443
Exploits: 2, References: 1
Tenable Nessus
added 2022/02/12 12:0 a.m., 23 views

EulerOS Virtualization 3.0.6.6 : sssd (EulerOS-SA-2022-1148)

According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire...

CVSS 9.3, AI score 6.6, EPSS 0.02524
Exploits: 0, References: 2
OSV
added 2022/02/11 6:15 p.m., 4 views

UBUNTU-CVE-2022-0561

Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712...

CVSS 5.5, AI score 6.6, EPSS 0.0125
Exploits: 1, References: 4
OSV
added 2022/02/05 12:0 p.m., 19 views

RUSTSEC-2022-0041 Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64

Impact: Affected versions of this crate incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64. This can cause the following problems: - Unaligned memory accesses - Data race Crates usin...

CVSS 8.1, AI score 7.9, EPSS 0.0122
Exploits: 1, References: 3
Exploit DB
added 2022/02/02 12:0 a.m., 239 views

Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)

Exploit Title: Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption Denial of Service Exploit Author: liquidworm #!/usr/bin/env python Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption Denial of Service Vendor: Fetch Softworks Product web page: https://www.fetchsoftworks.com...

AI score 7.4
Exploits: 0
0day.today
added 2022/01/28 12:0 a.m., 166 views

Fetch Softworks Fetch FTP Client 5.8 Denial Of Service Exploit

Fetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability. #!/usr/bin/env python Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption Denial of Service Vendor: Fetch Softworks Product web page: https://www.fetchsoftworks.com Affected...

AI score 0.4
Exploits: 0
Packet Storm
added 2022/01/28 12:0 a.m., 204 views

Fetch Softworks Fetch FTP Client 5.8 Denial Of Service

#!/usr/bin/env python Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption Denial of Service Vendor: Fetch Softworks Product web page: https://www.fetchsoftworks.com Affected version: 5.8.2 5K1354 Summary: Fetch is a reliable, full-featured file transfer client for the Apple Macintosh whose...

AI score 7.4
Exploits: 0
Zero Science Lab
added 2022/01/27 12:0 a.m., 237 views

Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service)

Summary Fetch is a reliable, full-featured file transfer client for the Apple Macintosh whose user interface emphasizes simplicity and ease of use. Fetch supports FTP and SFTP, the most popular file transfer protocols on the Internet for compatibility with thousands of Internet service providers,...

CVSS 7.5, AI score 5.8, EPSS 0.00358
Exploits: 1
vulnersOsv
added 2022/01/21 11:55 p.m., 4 views

4i18n-cli (>=0.0.2 <=0.0.7), @acneidert/devtools (=0.0.6) +60 more potentially affected by CVE-2022-0235 via node-fetch (>=3.0.0 <=3.1.0)

node-fetch NPM version =3.0.0, =0.0.2, =1.273.2, =1.0.0, =2.14.0, =2.1.0, =0.0.83, =1.0.0, =1.0.0, =0.0.3, =19.7.0, =6.2.0, =0.0.1, =4.1.1, =4.1.2 and more Source cves: CVE-2022-0235 Source advisory: OSV:GHSA-R683-J2X4-V87G...

CVSS 8.8, AI score 6.8, EPSS 0.01646
Exploits: 1
OSV
added 2022/01/21 11:55 p.m., 5 views

GHSA-R683-J2X4-V87G node-fetch forwards secure headers to untrusted sites

node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site...

CVSS 8.8, AI score 6.9, EPSS 0.01646
Exploits: 1, References: 10
Github Security Blog
added 2022/01/21 11:55 p.m., 1175 views

node-fetch forwards secure headers to untrusted sites

node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site...

CVSS 8.8, AI score 7.7, EPSS 0.01646
Exploits: 1, References: 10, Affected Software: 1
wpexploit
added 2022/01/18 12:0 a.m., 141 views

Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS

The plugin does not have any authorisation and CSRF in its bpfwpwelcomeaddcontactpage and bpfwpwelcomesetcontactinformation AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also leads to Stored Cross-Site Scripting...

CVSS 5.4, AI score 0.4, EPSS 0.00591
Exploits: 2
Veracode
added 2022/01/17 9:9 a.m., 42 views

Information Disclosure

node-fetch is vulnerable to information disclosure. The vulnerability exists due to the cookie header being leaked to third party site which allows an attacker to gain access to sensitive information...

CVSS 6.1, AI score 1.9, EPSS 0.01646
Exploits: 1, References: 5, Affected Software: 8
BDU FSTEC
added 2022/01/17 12:0 a.m., 5 views

The vulnerability of the fetch module in the Ansible configuration management system stems from deficiencies in path name restrictions, allowing attackers to access confidential data and compromise its integrity.

The vulnerability of the fetch module in the Ansible configuration system is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to access confidential data and compromise its integrity...

CVSS 4.6, AI score 6.5, EPSS 0.00487
Exploits: 1, References: 10, Affected Software: 5