1934 matches found
Data races in cache
An issue was discovered in the cache crate through 2020-11-24 for Rust. Affected versions of this crate unconditionally implement Send/Sync for Cache. This allows users to insert K that is not Send or not Sync. This allows users to create data races by using non-Send types like Arc or Rc as K in...
GHSA-VFQX-HV88-F9CV Double-free in id-map
A double free can occur in get_or_insert upon a panic of a user-provided f function. get_or_insert reserves space for a value before calling the user-provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped...
GHSA-H45V-VGVP-3H5V Out-of-bounds write in stack
ArrayVec::insert allows insertion of an element into the array object at the specified index. Due to a missing check on the upper bound of this index, it is possible to write out of bounds...
GHSA-HR3C-6MMP-6M39 Memory corruption slice-deque
Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly...
Cross site scripting
The kentoemailsubscriberajax AJAX action of the Email Subscriber WordPress plugin through 1.1 does not properly sanitise, validate and escape the submitted subscribeemail and subscribename POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
WordPress Plugin Security Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. There is a security vulnerability in the...
Tibco Software TIBCO Spotfire Server Access Control Error Vulnerability
Tibco Software TIBCO Spotfire Server is a platform from Tibco Software USA, based on the TIBCO Spotfire data analytics and mining tools, that provides integration, operation and management for organizations. A security vulnerability exists in TIBCO Software, which is caused by an affected component...
GSD-2021-1000820 btrfs: abort in rename_exchange if we fail to insert the second ref
btrfs: abort in rename_exchange if we fail to insert the second ref. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...
UVI-2021-1000784 btrfs: abort in rename_exchange if we fail to insert the second ref
btrfs: abort in rename_exchange if we fail to insert the second ref. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit...
Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support US
No description provided...
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected.
...
i-doit 1.15.2 Cross Site Scripting Vulnerability
Exploit Title: XSS for i-doit 1.15.2 in parameter viewMode from Infrastructure Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.25.2021 Vendor: https://www.i-doit.org/news/ Link: https://www.i-doit.org/new-minor-release-i-doit-open-1-15-2/ From Github:...
Better Real User Monitoring with BoomerangJS and Akamai mPulse
In this blog, we'll walk through a few different snippet insertion methods and available optimizations. Akamai's real user monitoring (RUM) solution, mPulse, uses a bit of JavaScript code (an mPulse snippet) and the BoomerangJS library to collect performance data from a user's Web browser. However, t...
AZL-6568 CVE-2021-3483 affecting package kernel for versions less than 5.10.78.1-1
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...
CVE-2021-3483
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...
DEBIAN-CVE-2021-3483
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...
Oracle Enterprise Manager Base Platform Security Vulnerability
Oracle Enterprise Manager Base Platform is a complete installer that includes OMS, agents, repositories, and management plug-ins. A security vulnerability exists in the UI Framework component of Oracle Enterprise Manager Base Platform version 13.4.0.0. An attacker could use this vulnerability to...
Eclipse Mosquitto Access Control Error Vulnerability
Eclipse Mosquitto is the Eclipse Foundation's set of open source messaging agent software. An access control error vulnerability exists in Eclipse Mosquitto version 1.3.0 and prior versions, which can be exploited by a low-privileged attacker with local access to certain Windows versions to inse...
Eclipse Mosquitto Access Control Error Vulnerability (CNVD-2021-36852)
Eclipse Mosquitto is the Eclipse Foundation's set of open source messaging agent software. An Access Control Error vulnerability exists in Eclipse Mosquitto, which can be exploited by an attacker to insert malware using the component's elevated privileges...