
1934 matches found

GitHub Security Blog
added 2021/08/25 8:57 p.m. | 39 views

Data races in cache

An issue was discovered in the cache crate through 2020-11-24 for Rust. Affected versions of this crate unconditionally implement Send/Sync for Cache. This allows users to insert K that is not Send or not Sync. This allows users to create data races by using non-Send types like Arc or Rc as K in...

CVSS 8.1 | AI score 7.7 | EPSS 0.01098
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2021/08/25 8:55 p.m. | 15 views

GHSA-VFQX-HV88-F9CV Double-free in id-map

A double free can occur in getorinsert upon a panic of a user-provided f function. getorinsert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped...

CVSS 9.8 | AI score 9.3 | EPSS 0.011
Exploits: 0 | References: 4

OSV
added 2021/08/25 8:49 p.m. | 10 views

GHSA-H45V-VGVP-3H5V Out-of-bounds write in stack

ArrayVec::insert allows insertion of an element into the array object at the specified index. Due to a missing check on the upper bound of this index, it is possible to write out of bounds...

CVSS 9.8 | AI score 9.4 | EPSS 0.01844
Exploits: 0 | References: 5

OSV
added 2021/08/25 8:42 p.m. | 8 views

GHSA-HR3C-6MMP-6M39 Memory corruption slice-deque

Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly...

CVSS 9.8 | AI score 9.2 | EPSS 0.01611
Exploits: 0 | References: 4

Prion
added 2021/08/23 12:15 p.m. | 14 views

Cross site scripting

The kentoemailsubscriberajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribeemail and subscribename POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...

CVSS 4.3 | AI score 5.9 | EPSS 0.01344
Exploits: 2 | References: 2 | Affected Software: 1

CNNVD
added 2021/08/12 12:0 a.m. | 9 views

WordPress Plugin Security Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. There is a security vulnerability in the...

CVSS 9.8 | AI score 8.3 | EPSS 0.01669
Exploits: 1 | References: 1

CNNVD
added 2021/06/29 12:0 a.m. | 5 views

Tibco Software TIBCO Spotfire Server Access Control Error Vulnerability

Tibco Software TIBCO Spotfire Server is a platform from Tibco Software (USA), based on the TIBCO Spotfire data analytics and mining tools, that provides integration, operation and management for organizations. A security vulnerability exists in TIBCO Software, which is caused by an affected component...

CVSS 8.8 | AI score 7.5 | EPSS 0.00249
Exploits: 0 | References: 3

OSV
added 2021/06/25 12:9 a.m. | 15 views

GSD-2021-1000820 btrfs: abort in rename_exchange if we fail to insert the second ref

btrfs: abort in rename_exchange if we fail to insert the second ref. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...

AI score 7.2
Exploits: 0

OSV
added 2021/06/25 12:5 a.m. | 10 views

UVI-2021-1000784 btrfs: abort in rename_exchange if we fail to insert the second ref

btrfs: abort in rename_exchange if we fail to insert the second ref. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit...

AI score 7.2
Exploits: 0

Lenovo
added 2021/06/08 7:7 p.m. | 6 views

Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support US

No description provided...

CVSS 6.5 | AI score 6.4 | EPSS 0.00607
Exploits: 1

Microsoft CVE
added 2021/05/26 7:0 a.m. | 12 views

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected.

...

CVSS 7.8 | AI score 7.8 | EPSS 0.00361
Exploits: 0

0day.today
added 2021/05/26 12:0 a.m. | 62 views

i-doit 1.15.2 Cross Site Scripting Vulnerability

Exploit Title: SXX for i-doit 1.15.2 in parameter viewMode from Infrastructure Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.25.2021 Vendor: https://www.i-doit.org/news/ Link: https://www.i-doit.org/new-minor-release-i-doit-open-1-15-2/ From Github:...

CVSS 5.4 | AI score 5.6 | EPSS 0.01221
Exploits: 3

Akamai Blog
added 2021/05/20 2:0 p.m. | 192 views

Better Real User Monitoring with BoomerangJS and Akamai mPulse

In this blog, we'll walk through a few different snippet insertion methods and available optimizations. Akamai's real user monitoring (RUM) solution, mPulse, uses a bit of JavaScript code (an mPulse snippet) and the BoomerangJS library to collect performance data from a user's Web browser. However, t...

AI score 7.2
Exploits: 0

OSV
added 2021/05/17 12:15 p.m. | 7 views

AZL-6568 CVE-2021-3483 affecting package kernel for versions less than 5.10.78.1-1

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...

CVSS 7.8 | AI score 6.6 | EPSS 0.00361
Exploits: 0 | References: 1

NVD
added 2021/05/17 12:15 p.m. | 20 views

CVE-2021-3483

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...

CVSS 7.8 | EPSS 0.00361
Exploits: 0 | References: 5

OSV
added 2021/05/17 12:15 p.m. | 3 views

DEBIAN-CVE-2021-3483

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...

CVSS 7.8 | AI score 6.4 | EPSS 0.00361
Exploits: 0 | References: 1

Cvelist
added 2021/05/17 11:25 a.m. | 20 views

CVE-2021-3483

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...

AI score 8 | EPSS 0.00361
Exploits: 0 | References: 5

CNNVD
added 2021/04/20 12:0 a.m. | 4 views

Oracle Enterprise Manager Base Platform Security Vulnerability

Oracle Enterprise Manager Base Platform is a complete installer that includes OMS, agents, repositories, and management plug-ins. A security vulnerability exists in the UI Framework component of Oracle Enterprise Manager Base Platform version 13.4.0.0. An attacker could use this vulnerability to...

CVSS 6.1 | AI score 5.6 | EPSS 0.00969
Exploits: 1 | References: 5

CNVD
added 2021/04/16 12:0 a.m. | 4 views

Eclipse Mosquitto Access Control Error Vulnerability

Eclipse Mosquitto is the Eclipse Foundation's set of open source messaging agent software. An access control error vulnerability exists in Eclipse Mosquitto version 1.3.0 and prior versions, which can be exploited by a low-privileged attacker with local access to certain Windows versions to inse...

CVSS 8.8 | AI score 6.4 | EPSS 0.0023
Exploits: 0 | References: 1

CNVD
added 2021/04/16 12:0 a.m. | 4 views

Eclipse Mosquitto Access Control Error Vulnerability (CNVD-2021-36852)

Eclipse Mosquitto is the Eclipse Foundation's set of open source messaging agent software. An Access Control Error vulnerability exists in Eclipse Mosquitto, which can be exploited by an attacker to insert malware using the component's elevated privileges...

CVSS 8.8 | AI score 6.7 | EPSS 0.0023
Exploits: 0 | References: 1