
269 matches found

CNNVD
added 2022/01/13 12:0 a.m. | 5 views

GitLab Code Issue Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab has a code issue vulnerability that originates from an improperly...

CVSS 4.3 | AI score 5.1 | EPSS 0.00573
Exploits 0 | References 5

CNNVD
added 2021/12/17 12:0 a.m. | 4 views

NumPy Security Vulnerability

NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...

CVSS 5.3 | AI score 5.7 | EPSS 0.01561
Exploits 1 | References 7

Code423n4
added 2021/12/01 12:0 a.m. | 11 views

_calculateMaltRequiredForExit makes wrong calculations

Handle: 0x0x0x. Vulnerability details. Proof of concept: _calculateMaltRequiredForExit calculates the quantity of malts returned. uint256 maltQuantity = userMaltPurchased.mul(amount).div(userCommitment); uint256 fullReturn = maltQuantity.mul(currentPrice) / pegPrice; userMaltPurchased / userCommitment...

AI score 6.9
Exploits 0

Huntr
added 2021/10/26 2:0 a.m. | 13 views

in bookstackapp/bookstack

Description The image extension validation service for Base64 image extraction in new Bookstack version is flawed as it uses the vulnerable trim function. This allows attackers to upload malicious files with broken extension, such as pngr, and browsers will interpret broken extension hosted on th...

CVSS 4 | AI score 1.3 | EPSS 0.00646
Exploits 1

CNVD
added 2021/10/12 12:0 a.m. | 5 views

Free Coin has a flawed logic vulnerability

Vulnerability mining supported by the Ministry of Science and Technology National Key R&D Program Topic 2020YFB1005802 The token contract freeze function will gradually increase its gas consumption when it is called multiple times, and when the gas consumption is extremely large, the running cost...

AI score 1.1
Exploits 0

OSV
added 2021/09/23 3:15 a.m. | 3 views

CVE-2021-34723

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command...

CVSS 6.7 | AI score 5.9 | EPSS 0.00237
Exploits 0 | References 1

RedHat Linux
added 2021/09/21 12:25 p.m. | 52 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 6.5 | AI score 6.6 | EPSS 0.0627
Exploits 3 | References 4

Rockylinux
added 2021/09/21 7:12 a.m. | 42 views

curl security update

An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The curl packages provide the libcurl library and the curl utility for downloadi...

CVSS 6.5 | AI score 6.4 | EPSS 0.0627
Exploits 3

CNNVD
added 2021/09/20 12:0 a.m. | 4 views

Ffmpeg Security Vulnerability

FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg Ffmpeg team. Ffmpeg has a security vulnerability that originates from an improperly designed or implemented code development process for a networked system or product...

AI score 7.3
Exploits 0 | References 2

CNNVD
added 2021/09/20 12:0 a.m. | 3 views

Ffmpeg Security Vulnerability

FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg Ffmpeg team. Ffmpeg has a security vulnerability that originates from an improperly designed or implemented code development process for a networked system or product...

AI score 7.3
Exploits 0 | References 2

CNVD
added 2021/09/09 12:0 a.m. | 27 views

Nextcloud Code Execution Vulnerability

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Germany's Nextcloud. Nextcloud is vulnerable to a code execution vulnerability that stems from Nextcloud's support for rendering image previews of file content provided to users, whic...

CVSS 10 | AI score 4.4 | EPSS 0.02521
Exploits 0 | References 1

CNNVD
added 2021/08/31 12:0 a.m. | 2 views

NPM arborist Link Following Vulnerability

NPM arborist is a software package from the American company npm NPM. It is used to visualize hierarchical data stored as flat lists. NPM arborist suffers from a backlink vulnerability that originates from an improperly designed or implemented code development process for a networked system or...

CVSS 8.2 | AI score 7.6 | EPSS 0.00553
Exploits 0 | References 13

NVD
added 2021/08/30 4:15 p.m. | 9 views

CVE-2021-27913

The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5 | EPSS 0.00458
Exploits 1 | References 1

OSV
added 2021/08/30 4:15 p.m. | 13 views

CVE-2021-27913

The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5 | AI score 4
Exploits 0 | References 1

Cvelist
added 2021/08/30 3:55 p.m. | 15 views

CVE-2021-27913 Use of a Broken or Risky Cryptographic Algorithm

The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5 | AI score 4.3 | EPSS 0.00458
Exploits 1 | References 1

CVE
added 2021/08/30 3:55 p.m. | 91 views

CVE-2021-27913

The CVE-2021-27913 issue is due to using PHP’s mt_rand to generate session tokens, which is cryptographically insecure and can enable enumeration of session tokens. Affected software is Mautic, specifically versions prior to 3.3.4 and versions prior to 4.0.0. The root cause is reliance on a non-c...

CVSS 3.5 | AI score 3.6 | EPSS 0.00458
Exploits 1 | References 1 | Affected Software 1

Debian
added 2021/08/13 4:32 a.m. | 177 views

[SECURITY] [DLA 2734-1] curl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2734-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 09, 2021 https://wiki.debian.org/LTS -...

CVSS 4.3 | AI score 7.5 | EPSS 0.0627
Exploits 2

OSV
added 2021/07/21 8:0 a.m. | 9 views

CURL-CVE-2021-22924 Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...

CVSS 4.3 | AI score 5.4 | EPSS 0.0627
Exploits 1

Huntr
added 2021/07/10 12:31 a.m. | 4 views

Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms

✍️ Description The function mt_rand is used to generate verification keys, API keys both read & write, and even hash salts, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this functio...

AI score 0.3
Exploits 0 | References 4

CNVD
added 2021/07/07 12:0 a.m. | 7 views

TMS has a logic flaw vulnerability

TMS is a responsive web open source team collaboration system based on the channel model of team communication and collaboration + lightweight task Kanban. A logic flaw vulnerability exists in TMS, which can be exploited by attackers to modify other users' information...

AI score 6.9
Exploits 0