Lucene search

1720 matches found

Positive Technologies
added 2022/02/06 12:0 a.m. · 3 views

PT-2022-7629 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a synchronization error in the reweight entity function of the Linux kernel's sched component, which can cause a null pointer dereference. This occurs due to a...

8.8 CVSS · 6.5 AI score · 0.05077 EPSS
Exploits 49 · References 1883

CNNVD
added 2022/01/26 12:0 a.m. · 2 views

Bromite Security Vulnerability

Bromite is a Chromium fork. It is used for adblocking and privacy enhancement. Bromite has a security vulnerability that stems from the fact that Bromite comes with a hard-coded adblock filter, with versions recognized by the rules it has...

5.3 CVSS · 5.7 AI score · 0.00356 EPSS
Exploits 0 · References 2

OSV
added 2021/12/27 12:0 p.m. · 6 views

RUSTSEC-2021-0134 rental is unmaintained, author has moved on

The author encourages users to explore other solutions, or maintain a fork. Maintained alternatives include: ouroboros, fortify, escher...

7 AI score
Exploits 0 · References 3

RustSec
added 2021/12/27 12:0 p.m. · 10 views

rental is unmaintained, author has moved on

The author encourages users to explore other solutions, or maintain a fork. Maintained alternatives include: ouroboros, fortify, escher...

2.8 AI score
Exploits 0

RedHat Linux
added 2021/12/16 4:38 p.m. · 0 views

golang: syscall: don't close fd 0 on ForkExec error

There's a flaw in golang's syscall.ForkExec interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked...

5.8 CVSS · 7.1 AI score · 0.0022 EPSS
Exploits 0 · References 5

RedHat Linux
added 2021/12/15 4:33 p.m. · 0 views

golang: syscall: don't close fd 0 on ForkExec error

There's a flaw in golang's syscall.ForkExec interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked...

5.8 CVSS · 7.1 AI score · 0.0022 EPSS
Exploits 0 · References 5

Cvelist
added 2021/12/13 9:10 p.m. · 12 views

CVE-2021-41272 SHL, SHR, and SAR operations trigger native exception at key values in besu

Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for...

7.5 CVSS · 7.8 AI score · 0.00367 EPSS
Exploits 0 · References 3

CVE
added 2021/12/13 9:10 p.m. · 52 views

CVE-2021-41272

CVE-2021-41272 affects the Besu Ethereum client (Java). Beginning with 21.10.0, changes to SHL/SHR/SAR caused a signed type coercion error for negative values in 32-bit integers. Consequence: on networks with mixed vulnerable/non‑vulnerable miners, forks may occur and affected transactions may be...

7.5 CVSS · 7.6 AI score · 0.00367 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2021/12/09 12:0 a.m. · 2 views

Google Golang Resource Management Error Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes (CSP), and other languages with a...

5.8 CVSS · 7 AI score · 0.0022 EPSS
Exploits 0 · References 36

Veracode
added 2021/10/26 1:36 p.m. · 14 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Displayname' input field in 'Profiles' module is not properly encoded, which allows a malicious attacker to inject and execute arbitrary javascript...

5.4 CVSS · 3.2 AI score · 0.00281 EPSS
Exploits 1 · References 3 · Affected Software 1

CNVD
added 2021/10/26 12:0 a.m. · 9 views

Fork CMS Cross-Site Scripting Vulnerability (CNVD-2021-83552)

Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. A cross-site scripting vulnerability exists in Fork CMS Content Management System version 5.8.0, which can be exploited by an attacker to...

5.4 CVSS · 5.4 AI score · 0.00281 EPSS
Exploits 1 · References 1

OSV
added 2021/10/25 7:43 p.m. · 13 views

GHSA-3374-7H99-XR85 Cross-site scripting in forkcms

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or Register functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

5.4 CVSS · 5.3 AI score · 0.00281 EPSS
Exploits 1 · References 4

Github Security Blog
added 2021/10/25 7:43 p.m. · 34 views

Cross-site scripting in forkcms

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or Register functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

5.4 CVSS · 5.4 AI score · 0.00281 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2021/10/22 8:15 p.m. · 9 views

CVE-2020-23049

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or Register functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

5.4 CVSS · 6.2 AI score
Exploits 0 · References 1

NVD
added 2021/10/22 8:15 p.m. · 8 views

CVE-2020-23049

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or Register functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

5.4 CVSS · 0.00281 EPSS
Exploits 1 · References 1

Prion
added 2021/10/22 8:15 p.m. · 10 views

Cross site scripting

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or Register functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

3.5 CVSS · 5.4 AI score · 0.00281 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2021/10/22 7:20 p.m. · 10 views

CVE-2020-23049

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or Register functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

5.4 AI score · 0.00281 EPSS
Exploits 1 · References 1

CVE
added 2021/10/22 7:20 p.m. · 52 views

CVE-2020-23049

Fork CMS Content Management System v5.8.0 is affected by a cross-site scripting (XSS) vulnerability in the Displayname field when using Add, Edit, or Register. The root cause is improper encoding/input handling of the Displayname field, enabling attackers to inject and execute arbitrary web scrip...

5.4 CVSS · 5.3 AI score · 0.00281 EPSS
Exploits 1 · References 1 · Affected Software 1

OSV
added 2021/10/22 12:0 p.m. · 13 views

RUSTSEC-2021-0137 sodiumoxide is deprecated

Alternatives may be found (not in any specific order): libsodium-sys-stable; dryoc; RustCrypto/nacl-compat (cryptobox, cryptokx, cryptosecretstream); RustCrypto/xsalsa20poly1305 (cryptosecretbox); Signatory; ed25519-compact; ed25519-dalek; ring. Recommendations can also be found from: Aweso...

7.1 AI score
Exploits 0 · References 3

CNNVD
added 2021/10/22 12:0 a.m. · 1 views

Fork CMS Cross-Site Scripting Vulnerability

Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. A cross-site scripting vulnerability exists in Fork CMS Content Management System version 5.8.0, which can be exploited by an attacker to...

5.4 CVSS · 5.5 AI score · 0.00281 EPSS
Exploits 1 · References 2