CVE-2021-27219
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption...
CVE-2019-16007
A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of...
CVE-2019-16007 Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability
A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of...
Android Zen elevation of privilege vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). The Android-11 version has a security vulnerability that stems from an insecure implicit hang in Zen, which can be exploited by an attacker to elevate local privileges...
UBUNTU-CVE-2020-25040
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039...
OSV-2020-1531 Segv on unknown address in clang::Sema::PerformImplicitConversion
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19621 Crash type: Segv on unknown address Crash state: clang::Sema::PerformImplicitConversion clang::Sema::PerformImplicitConversion clang::Sema::PerformContextuallyConvertToBool...
Remote Code Execution (RCE)
Microsoft Chakracore is vulnerable to remote code execution (RCE). It does not properly handle the JIT bails out when there is an object marked as temporary during an implicit call, allowing objects stored on the stack to be used outside of the function during the DeadStore pass of GlobOpt...
Mail.ru: [Mail.Ru for Android] Replacing "Add filter" screen by malicious screen
An implicit intent was invoked on "Add filter" action of Mail.ru Mail application for Android leading to interface spoofing possibility...
Updated jss packages fix security vulnerability
Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...
CVE-2019-3648 Implicit loading of DLLs
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission...
CentOS 7 : jss (CESA-2019:3067)
An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2019-14823
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...
GHSA-M63J-WH5W-C252 Denial of Service Vulnerability in Action View
Denial of Service Vulnerability in Action View. Impact: Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, causing the server unable to process requests. This impacts all Rails applications that render views. All users running an affected...
jasper security update
1.900.1-33 - remove implicit declaration of jas_eprintf (1585830); 1.900.1-32 - Fix CVE-2016-9396 (1583721) - Fix CVE-2017-1000050 (1585830)...
CVE-2015-9268
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
DEBIAN-CVE-2015-9268
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
CVE-2015-9268
CVE-2015-9268 affects Nullsoft Scriptable Install System (NSIS) prior to 2.49, which has unsafe implicit linking against Version.dll. The description in the CVE notes that there is no protection mechanism to resolve the dependency at runtime, indicating a potential for misuse during installation ...