Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety

The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd such as a UnixStream as the file...

SUSE CVE-2010-4072

The copyshmidtouser function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."...

Apache Airflow 代码问题漏洞

Apache Airflow is an open source tool for orchestrating complex computational workflows and data processing pipelines. A server-side request forgery vulnerability exists in the Chart and Query View of the old UI in Apache Airflow versions prior to 1.10.13. No details of the vulnerability are...

kernel: ipc/shm.c: reading uninitialized stack memory

The copyshmidtouser function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."...