PT-2022-2130
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0. Description: The issue is related to insufficient input validation in the ImageIO component, allowing an unauthenticated attacker wi...
Oracle Java SE and Oracle GraalVM input validation error vulnerability
Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments. Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...
PT-2022-6842
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0. Description: The issue is related to an easily exploitable vulnerability in the ImageIO component of Oracle Java SE and Oracle GraalVM Enterprise...
The `total_size` function for partial read the length of any `FixVec` is incorrect in molecule.
Anyone who uses `total_size(..)` function to partial read the length of any `FixVec` will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release...
GHSA-6P3C-V8VC-C244 The `total_size` function for partial read the length of any `FixVec` is incorrect in molecule.
Anyone who uses `total_size(..)` function to partial read the length of any `FixVec` will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release...
Sun & Moon Rise Shockwall system input validation error vulnerability
The Sun & Moon Rise Shockwall System is a computer endpoint protection system from Sun & Moon Rise, a Chinese company, that suffers from a security vulnerability that could be exploited to send malicious responses to servers to partially disrupt service...
CVE-2021-45916
The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially...
CVE-2021-45697
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result...
Default configuration
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result...
DEBIAN-CVE-2021-44538
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
SavingsAccount withdrawAll and switchStrategy can freeze user funds by ignoring possible strategy liquidity issues
Handle: hyh. Vulnerability details. Impact: Full withdrawal and moving funds between strategies can lead to wrong accounting if the corresponding market has tight liquidity, which can be the case at least for AaveYield. That is, as the whole amount is required to be moved at once from Aave, both...
Important: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows...
OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker...
OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2021-28709
Issues with partially successful P2M updates on x86. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have...
CVE-2021-28705
Issues with partially successful P2M updates on x86. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have...