454 matches found
Internally mutating methods take immutable ref self
Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...
CVE-2019-13097
The vulnerability CVE-2019-13097 affects Cat Runner Decorate Home for Android (version 2.8.0). The app’s API does not sufficiently verify inputs that are treated as immutable but can be controlled externally, allowing manipulation of users’ score parameters exchanged between client and server. No...
CVE-2018-1000875
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be...
My Takeaways from the Gartner I&O Conference
By Renata Budko, Wallarm Last week I spent a few days in Las Vegas with the great folks at the Gartner IT Infrastructure, Operations & Cloud Strategies Conference. Gathered for the conference there were experts around the world from analysts to VPs to infrastructure and operations leaders to...
RUSTSEC-2018-0019 Multiple memory safety issues
Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...
Multiple memory safety issues
Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...
CVE-2018-3719
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
AZL-45420 CVE-2018-3721 affecting package js-jquery 3.5.0-4
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...
CVE-2018-3719
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3720
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3722
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3723
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
Code injection
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
Code injection
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
UBUNTU-CVE-2018-3719
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
Authentication flaw
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
Code injection
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...