Lucene search

2734 matches found

Tenable Nessus
added 2021/05/07 12:0 a.m., 92 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0025)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the...

CVSS 7.2 | AI score 6.6 | EPSS 0.00438
Exploits: 5 | References: 19

Tenable Nessus
added 2021/05/07 12:0 a.m., 33 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : resource-agents Vulnerability (NS-SA-2021-0034)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has resource-agents packages installed that are affected by a vulnerability: - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, se...

CVSS 6.8 | AI score 6.5 | EPSS 0.03277
Exploits: 0 | References: 2

Tenable Nessus
added 2021/05/07 12:0 a.m., 216 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0025)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free conditio...

CVSS 9.8 | AI score 8.3 | EPSS 0.48274
Exploits: 5 | References: 28

Github Security Blog
added 2021/05/06 6:12 p.m., 59 views

Prototype Pollution in deep-get-set

All versions of package deep-get-set prior to version 1.1.1 are vulnerable to Prototype Pollution via the main function...

CVSS 9.8 | AI score 8.9 | EPSS 0.00795
Exploits: 1 | References: 4 | Affected Software: 1

AlpineLinux
added 2021/05/06 3:17 a.m., 45 views

CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

CVSS 7.8 | AI score 7.8 | EPSS 0.00039
Exploits: 1 | References: 2

Cvelist
added 2021/05/06 3:17 a.m., 24 views

CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

AI score 8.7 | EPSS 0.00039
Exploits: 1 | References: 2

Veracode
added 2021/05/04 10:33 p.m., 28 views

Privilege Escalation

exim4 is vulnerable to privilege escalation. The vulnerability exists due to a boundary error within the main function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges...

CVSS 7.8 | AI score 3.3 | EPSS 0.00039
Exploits: 1 | References: 3 | Affected Software: 7

CNNVD
added 2021/05/04 12:0 a.m., 2 views

Exim Buffer Error Vulnerability

Exim was developed at Cambridge University as a Message Transfer Agent (MTA) for Unix systems connected to the Internet. A heap out-of-bounds write vulnerability exists in main in Exim. No detailed vulnerability details are provided at this time...

CVSS 7.8 | AI score 5.5 | EPSS 0.00039
Exploits: 1 | References: 7

Hacker One
added 2021/05/03 8:55 p.m., 325 views

Sifchain: Subdomain Takeover At the Main Domain Of Your Site

Hello, I Know that isn't in the Scope But this The Only Way I can Report With And This Issue Is Very High It Belongs to the Main Domain this is pretty serious security issue in some context, so please act as fast as possible. overview the Main Domain sifchain.finance is pointing to wix.com, which...

AI score 6.6
Exploits: 0

Jake Archibald's Blog
added 2021/04/30 1:0 a.m., 236 views

Performance-testing the Google I/O site

I've been looking at the performance of F1 websites recently, but before I dig into the last couple of teams, I figured I'd look a little closer to home, and dig into the Google I/O website. 1. Part 1: Methodology & Alpha Tauri 2. Part 2: Alfa Romeo 3. Part 3: Red Bull 4. Part 4: Williams 5. Part...

AI score 6.7
Exploits: 0

OSV
added 2021/04/13 3:24 p.m., 20 views

GHSA-5PXJ-MHWJ-X5GV Prototype Pollution in asciitable.js

The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function. PoC js var a = require"asciitable.js"; var b = JSON.parse'"proto":"test":123'; a,b; console.log.test...

CVSS 9.8 | AI score 9.4 | EPSS 0.00448
Exploits: 1 | References: 5

Github Security Blog
added 2021/04/13 3:24 p.m., 40 views

Prototype Pollution in asciitable.js

The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function. PoC js var a = require"asciitable.js"; var b = JSON.parse'"proto":"test":123'; a,b; console.log.test...

CVSS 9.8 | AI score 8.9 | EPSS 0.00448
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2021/04/07 10:15 p.m., 1 views

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

CVSS 8.8 | AI score 7.6 | EPSS 0.06595
Exploits: 3 | References: 5

Prion
added 2021/04/07 10:15 p.m., 12 views

Design/Logic Flaw

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

CVSS 6.5 | AI score 8.8 | EPSS 0.06595
Exploits: 3 | References: 5 | Affected Software: 1

OSV
added 2021/04/07 12:15 a.m., 1 views

UBUNTU-CVE-2020-36312

An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d...

CVSS 5.5 | AI score 6.7 | EPSS 0.00028
Exploits: 0 | References: 5

OSV
added 2021/04/06 7:15 p.m., 15 views

PYSEC-2021-111

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

CVSS 8.1 | AI score 1.4 | EPSS 0.00672
Exploits: 0 | References: 3

Github Security Blog
added 2021/04/06 6:36 p.m., 244 views

Rebuild-bot workflow may allow unauthorised repository modifications

Impact projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project...

CVSS 8.1 | AI score 1 | EPSS 0.00672
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2021/04/06 6:35 p.m., 18 views

CVE-2021-21423 Exposure of Version-Control Repository to an Unauthorized Control Sphere in projen

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

CVSS 6.8 | AI score 8.4 | EPSS 0.00672
Exploits: 0 | References: 3

CNNVD
added 2021/04/06 12:0 a.m., 7 views

Linux kernel Security Vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A kvm_io_bus_unregister_dev memory leak vulnerability exists in virt/kvm/kvm_main.c in versions of Linux kernel prior to...

CVSS 5.5 | AI score 6.6 | EPSS 0.00028
Exploits: 0 | References: 14

CNNVD
added 2021/04/06 12:0 a.m., 2 views

Github projen Security Vulnerability

Github projen is a Github open source application. It synthesizes project configuration files. A security vulnerability exists in projen that allows any GitHub user to trigger the execution of untrusted code in the context of the "main" repository...

CVSS 8.1 | AI score 8 | EPSS 0.00672
Exploits: 0 | References: 4