642 matches found
CVE-2021-29329
OpenSource Moddable v10.5.0 contains a stack overflow in fxBinaryExpressionNodeDistribute (xsTree.c). The issue is triggered within the Moddable XS tree handling, as reported in CVE-2021-29329. Connected sources confirm the affected component and file path, but do not provide explicit exploitatio...
CVE-2021-29328
OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c...
CVE-2021-29328
OpenSource Moddable v10.5.0 contains a buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c. The vulnerability is documented across multiple sources (NVD entry CVE-2021-29328, Red Hat, CNVD) with CVSS details: CVSS v3.1 BASE SCORE 7.1 (HIGH) / LOCAL attack vector, LOW a...
CVE-2021-29327
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c...
CVE-2021-29327
OpenSource Moddable v10.5.0 contains a heap buffer overflow in the fx_ArrayBuffer function, located at /moddable/xs/sources/xsDataView.c. The vulnerability is confirmed across multiple feeds (CVE-2021-29327). Impact details from the CVE include memory corruption risks that could reflect ...
CVE-2021-29326
CVE-2021-29326 affects OpenSource Moddable v10.5.0, with a heap-based buffer overflow in the function fxIDToString (file: /moddable/xs/sources/xsSymbol.c). The connected documents consistently identify a heap overflow in that symbol handling path. No explicit remediation is provided in the source...
CVE-2021-29326
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c...
CVE-2021-29325
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c...
CVE-2021-29323
CVE-2021-29323 affects OpenSource Moddable v10.5.0, with a heap-based buffer overflow in the ESP WiFi module (path /modules/network/wifi/esp/modwifi.c). Root cause: a heap overflow in that component. The vulnerability is documented across multiple sources (NVD, Red Hat, CNVD, CVE listing) with no...
CVE-2021-29323
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c...
CVE-2021-29324
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c...
CVE-2021-29324
CVE-2021-29324 affects OpenSource Moddable v10.5.0, with a stack overflow in the component /moddable/xs/sources/xsScript.c. The vulnerability stems from memory boundary handling that can lead to incorrect read/write across memory. NVD reports a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL, LOW a...
USN-5081-1 qtbase-opensource-src vulnerabilities
It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2020-17507) It was discovered that Qt incorrectly handled...
Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork
💥 BUG unprivileged user can comment to private album. 💥 IMPACT user who does not have permission in private album still can comment in that album. 💥 STEP TO REPRODUCE There are two users called user-A and user-B. 1. First go to user-A account and create a private album. Let's album url is...
b2evolution 7.2.2 - (edit account details) Cross-Site Request Forgery Vulnerability
Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...
Anote 1.0 Cross Site Scripting / Code Execution
Exploit Title: Anote 1.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/AnotherNote/anote Version: 1.0 Tested on: Linux, MacOs Software Descriptio...
[SECURITY] Fedora 32 Update: chromium-87.0.4280.141-1.fc32
Chromium is an open-source web browser, powered by WebKit (Blink)...
openGauss: Documenting Extensions
All installed extensions must be documented. You need to carefully check any unidentified extensions. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Debian: Security Advisory (DLA-2422-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2422-1 : qtsvg-opensource-src security update
Malformed SVG images were able to cause a segmentation fault in qtsvg-opensource-src, the QtSvg module for displaying the contents of SVG files in Qt. For Debian 9 stretch, this problem has been fixed in version 5.7.120161021-2.1. We recommend that you upgrade your qtsvg-opensource-src packages...