RUSTSEC-2021-0044 Use after free possible in `uri::Formatter` on panic
Affected versions of this crate transmuted a &str to a &'static str before pushing it into a StackVec; this value was then popped later in the same function. This was assumed to be safe because the reference would be valid while the method's stack was active. In between the push and the pop,...
CVE-2020-10234
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic aka BSOD follows. The IOCTL codes can be found in the dispatch function:...
Security update for the Linux Kernel (important)
openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2021:0241-1 Rating: important References: 1065600 1149032 1152472 1152489 1153274 1154353 1155518 1163930 1165545 1167773 1172355 1176395 1176831 1178142 1178631 1179142 1179396 1179508 1179509 1179567...
Elastic APM Agent for Go 1.11.0 Security Update
Elastic APM Agent for Go information disclosure ESA-2021-02 The Elastic APM agent for Go can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM...
OESA-2021-1017 thrift security update
The Apache Thrift software framework for cross-language services development combines a software stack with a code generation engine to build services that work efficiently and seamlessly between C++, Java, Python, and other languages. Security Fixes: In Apache Thrift all versions...
insert_slice_clone can double drop if Clone panics.
Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...
RUSTSEC-2021-0018 insert_slice_clone can double drop if Clone panics.
Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...
Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CentOS 8 : go-toolset:rhel8 (CESA-2020:0329)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0329 advisory. - golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling CVE-2019-16276 - golang: invalid public key causes...
CentOS 8 : go-toolset:rhel8 (CESA-2020:5493)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5493 advisory. - golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS CVE-2020-24553 - golang: math/big: panic during recursive...
CVE-2019-25014
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic resulting in a denial of service to the istio-pilot...
CVE-2021-25902
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...
CVE-2021-25907
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::mutate,mutate2 double drop can be performed...
CVE-2021-25906
An issue was discovered in the basicdspmatrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed...
Double free
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...
Double free
An issue was discovered in the basicdspmatrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed...
Double free
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::mutate,mutate2 double drop can be performed...