344 matches found
CVE-2020-36439
An issue was discovered in the ticketedlock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket and WriteTicket...
CVE-2020-36445
An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec...
CVE-2020-36446
CVE-2020-36446 affects the signal-simple crate for Rust. The root cause is that SyncChannel is implemented as Send and Sync unconditionally, which allows moving or sharing owned T across threads. This can enable unsafe behavior when T is not Send, potentially causing data races and memory corrupt...
CVE-2020-36446
An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel...
CVE-2020-36450
An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch...
CVE-2020-36451
An issue was discovered in the rcucell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell...
CVE-2020-36453
An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue...
CVE-2020-36461
An issue was discovered in the noisesearch crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock...
CVE-2020-36463
An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend, InnerRecv, FutInnerSend, and FutInnerRecv...
redeemToken can fail for certain tokens
Handle: cmichel. Vulnerability details: The SwappableYieldSource.redeemToken function transfers tokens from the contract back to the sender, however, it uses the ERC20.transferFrom(address(this), msg.sender, redeemableBalance) function for this. Some deposit token implementations might fail as...
impacket1472
This is a Python library called Impacket, which provides a collection of classes for working with network protocols. The library is focused on providing low-level programmatic access to the packets and, for some protocols (e.g. SMB1-3 and MSRPC), the protocol implementation itself. The library includ...
Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling
Description: The function mt_rand is used to generate ticket hashes at the reference shown. This function is cryptographically flawed due to its nature being one of pseudorandomness; an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...
Privilege escalation
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...
CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG...
CVE-2021-21282
CVE-2021-21282 affects Contiki-NG prior to 4.5, where a buffer overflow can be triggered in the RPL source-routing header processing when handling input packets with either of Contiki-NG’s RPL implementations. The issue is mitigated by upgrading to Contiki-NG 4.5 or applying an out-of-band patch;...
CVE-2008-3280
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not...
Design/Logic Flaw
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not...
New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers
When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration behind naming the speculative execution...
NAME:WRECK DNS Vulnerabilities
Cybersecurity researchers from Forescout and JSOF have released a report on a set of nine vulnerabilities—referred to as NAME:WRECK—affecting Domain Name System (DNS) implementations. NAME:WRECK affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Intern...
Information Disclosure
jetty-server is vulnerable to information disclosure. The URI normalisation in default compliance mode does not escape % encoded characters in the request metadata by common Servlet implementations, allowing access to sensitive resources within the WEB-INF directory via the use of URI with %2e or...