624 matches found
Unbreakable Enterprise kernel security update
5.4.17-2102.202.5 - sctp: delay autoasconf init until binding the first addr Xin Long Orabug: 32907967 CVE-2021-23133 CVE-2021-23133 - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860491 CVE-2021-31916 - uek-rpm: update kABI lists for the new symbols Saeed...
Heap-based Buffer Overflow in strukturag/libde265
✍️ Description heap-buffer-overflow of decctx.cc in function readspsNAL 🕵️♂️ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ ./autogen.sh $ export CFLAGS="-g -lpthread -fsanitize=address" $ export CXXFLAGS="-g -lpthread -fsanitize=address" $...
In the standard library in Rust before 1.49.0 VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
...
DEBIAN-CVE-2020-36322
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fusedogetattr calls makebadinode in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is...
DEBIAN-CVE-2020-36318
In the standard library in Rust before 1.49.0, VecDeque::makecontiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...
CVE-2020-36318
In the standard library in Rust before 1.49.0, VecDeque::makecontiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...
Mozilla Rust 资源管理错误漏洞
Rust is a systems programming language characterized by fast operation, the ability to prevent segmentation errors, and thread-safety. A reuse-after-release and double-release vulnerability exists in standard inventory in versions of Rust prior to 1.49.0. The vulnerability stems from...
@apollosproject/apollos-cli (>=2.43.1 <=3.0.0-canary.57), @apollosproject/react-native-make (>=3.0.4 <=3.0.5) +22 more potentially affected by CVE-2021-29060 via color-string (>=1.2.0 <=1.5.3)
color-string NPM version =1.2.0, =2.43.1, =3.0.4, =3.0.2, =1.0.0, =2.1.2, =3.0.1, =2.4.0, =3.2.4, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.3, =0.0.0, =0.0.7 and more Source cves: CVE-2021-29060 Source advisory: SNYK:JS-COLORSTRING-1082939...
OESA-2021-1060 OpenEXR security update
OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.CVE-2017-9114 ...
PSC - E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward
DNS lookup and SSH session forwarded across an UART connection to a Pi PSC allows to e2e encrypt shell sessions, single- or multip-hop, being agnostic of the underlying transport, as long as it is reliable and can send/receive Base64 encoded data without modding/filtering. Along with the e2e pty...
UBUNTU-CVE-2020-35478
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...
PYSEC-2020-302
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node given by outputindex and the input slot of the dst node...
Unbreakable Enterprise kernel security update
5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...
new packages: gcc-toolset-10-make
An update is available for gcc-toolset-10-make. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset is a compiler toolset that provides recent versions o...
just-make-up-shop.ru Cross Site Scripting vulnerability OBB-1467712
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
OSV-2020-1842 Heap-buffer-overflow in parquet::arrow::SchemaManifest::Make
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25933 Crash type: Heap-buffer-overflow READ 8 Crash state: parquet::arrow::SchemaManifest::Make parquet::arrow::FileReader::Make parquet::arrow::internal::FuzzReader...
alinex-make (=0.0.3), apifs2swagger (>=0.1.0 <=0.1.2) +72 more potentially affected by unknown CVE via getsetdeep (>=2.0.0 <=2.1.0)
getsetdeep NPM version =2.0.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.1.0, =0.8.3, =0.0.1, =0.2.4, =0.0.0, =6.20.0, =6.29.0 - docpad-plugin-cachr =2.1.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8J49-49JQ-VWCQ...
Exploit for Improper Input Validation in Google Android
CVE-2020-0041 This repository contains LPE code for exploitin...
marketing-make-money.com Cross Site Scripting vulnerability OBB-1255812
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2019-20408
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class...