Lucene search

112 matches found

NVD
added 2021/06/08 2:15 p.m., 12 views

CVE-2021-22549

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c...

CVSS: 7.8, EPSS: 0.00018
Exploits: 0, References: 1

CVE
added 2021/06/08 1:15 p.m., 47 views

CVE-2021-22550

The CVE-2021-22550 entry concerns the Google Asylo framework where an attacker can modify pointers in enclave memory to overwrite arbitrary addresses inside a secure enclave. The vulnerability is tied to UntrustedCacheMalloc::GetBuffer (as described in CVE records) and is mitigated by updating be...

CVSS: 7.8, AI score: 7, EPSS: 0.00018
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/06/08 1:15 p.m., 16 views

CVE-2021-22548 Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall

An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit...

CVSS: 6.5, AI score: 7.8, EPSS: 0.00018
Exploits: 0, References: 1

FreeBSD Advisory
added 2021/05/26 12:0 a.m., 21 views

FreeBSD-SA-21:11.smap

FreeBSD-SA-21:11.smap Security Advisory, The FreeBSD Project. Topic: SMAP bypass; Category: core; Module: amd64; Announced: 2021-05-26; Credits: I lost my dog if you see him...

CVSS: 7.5, AI score: 7, EPSS: 0.0019
Exploits: 1

Github Security Blog
added 2020/07/30 2:58 p.m., 43 views

False-positive validity for NFT1 genesis transactions in SLPJS

Impact In the npm package named "slpjs", versions prior to 0.27.4 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the...

CVSS: 7.5, AI score: 0.8, EPSS: 0.00237
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2020/06/18 8:15 p.m., 16 views

CVE-2020-4059

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

CVSS: 7.3, AI score: 7.8
Exploits: 0, References: 2

NVD
added 2020/06/18 8:15 p.m., 11 views

CVE-2020-4059

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

CVSS: 7.5, EPSS: 0.02075
Exploits: 0, References: 2

Prion
added 2020/06/18 8:15 p.m., 15 views

Command injection

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

CVSS: 7.5, AI score: 7.8, EPSS: 0.02075
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2020/06/18 7:25 p.m., 61 views

CVE-2020-4059

CVE-2020-4059 affects the mversion library (pre-2.0.0). The vulnerability is a command injection in the library’s internal workflow, which could lead to remote code execution when a client calls the vulnerable method with untrusted input. The issue is fixed in version 2.0.0; older releases are de...

CVSS: 7.5, AI score: 7.7, EPSS: 0.02075
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2020/06/18 7:25 p.m., 13 views

CVE-2020-4059 Command Injection in mversion

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

CVSS: 7.3, AI score: 7.8, EPSS: 0.02075
Exploits: 0, References: 2

Hacker One
added 2020/06/18 7:24 p.m., 113 views

Mail.ru: Sensitive information exposure via git commit

Token for a test ICQ bot account was leaked via git commit data for opensource Jira plugin...

AI score: 2.9
Exploits: 0

OSV
added 2020/06/18 7:23 p.m., 24 views

GHSA-QJG4-W4C6-F6C6 Command injection in mversion

Impact This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Patches Patched by version 2.0.0. Previous releases are deprecated in npm. Workarounds Make sure to escape git commit messages when using the commitMessage option for t...

CVSS: 7.3, AI score: 7.5, EPSS: 0.02075
Exploits: 0, References: 3

Github Security Blog
added 2020/06/18 7:23 p.m., 42 views

Command injection in mversion

Impact This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Patches Patched by version 2.0.0. Previous releases are deprecated in npm. Workarounds Make sure to escape git commit messages when using the commitMessage option for t...

CVSS: 7.5, AI score: 3.8, EPSS: 0.02075
Exploits: 0, References: 4, Affected Software: 1

Hacker One
added 2020/05/24 11:57 a.m., 10 views

Node.js third-party modules: [last-commit-log] Command Injection

I would like to report Command Injection in last-commit-log It allows execution of arbitrary commands Module module name: last-commit-log version: [email protected] npm page: https://www.npmjs.com/package/last-commit-log Module Description Node.js module to get the last git commit information...

AI score: 1.5
Exploits: 0

UbuntuCve
added 2020/02/24 5:15 p.m., 24 views

CVE-2020-9366

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00729
Exploits: 0, References: 4

OPENSUSE Linux
added 2019/07/14 12:0 a.m., 178 views

Security update for helm (moderate)

openSUSE Security Update: Security update for helm Announcement ID: openSUSE-SU-2019:1703-1 Rating: moderate References: 1118897 1118898 1118899 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that fixes thr...

CVSS: 8.1, AI score: 7.7, EPSS: 0.56804
Exploits: 0, References: 3

UbuntuCve
added 2019/07/11 12:0 a.m., 31 views

CVE-2019-1010315

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig dsdiff.c:282. The attack vector is: Maliciously crafted .wav file. The fixed...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00784
Exploits: 1, References: 4

NVD
added 2018/05/24 1:29 p.m., 22 views

CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00478
Exploits: 0, References: 15

Prion
added 2018/05/24 1:29 p.m., 42 views

Design/Logic Flaw

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

CVSS: 4.9, AI score: 6.7, EPSS: 0.00478
Exploits: 0, References: 15, Affected Software: 10

Debian CVE
added 2018/05/24 1:0 p.m., 52 views

CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

CVSS: 5.5, AI score: 7.5, EPSS: 0.00478
Exploits: 0