[SECURITY] Fedora 34 Update: golang-1.16.11-1.fc34
The Go Programming Language...
Tibco Software TIBCO Spotfire Server Security Vulnerability
Tibco Software TIBCO Spotfire Server is a platform from Tibco Software (USA), based on the TIBCO Spotfire suite of data analytics and mining tools, that provides integration, operation, and management for organizations. A security vulnerability exists in TIBCO Spotfire Server that allows a malicious custom...
The vulnerability of the FATEK WinProladder controller programming software lies in the ability to write beyond the buffer memory boundaries, allowing a hacker to execute arbitrary code.
The vulnerability of the FATEK WinProladder controller programming software lies in the writing of code beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
GHSA-GFHX-JJWQ-63GV Cross-site Scripting in Apereo CAS
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...
[SECURITY] Fedora 34 Update: q-7.11-44.fc34
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...
Fedora: Security Advisory for q (FEDORA-2021-b58af96f33)
The remote host is missing an update for the...
The vulnerability of the Web interface and API of the Cisco Application Policy Infrastructure Controller allows attackers to execute cross-site scripting attacks.
The vulnerability of the Cisco Application Policy Infrastructure Controller’s web interface and API exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
CVE-2021-44479
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory...
Design/Logic Flaw
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory...
CVE-2021-44479
CVE-2021-44479 affects NXP Kinetis K82 devices. A buffer over-read occurs in a GET Status-Other request during USB In-System Programming (ISP) mode due to a crafted wlength value, leading to disclosure of protected flash memory. The provided documents do not specify exploited campaigns or a publi...
CVE-2021-40154
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory...
CVE-2021-40154
CVE-2021-40154 affects NXP LPC55S69 devices prior to revision A3. In USB In-System Programming (ISP) mode, a crafted wlength value in a GET Descriptor Configuration request can trigger a buffer over-read, exposing protected flash memory. The linked documents confirm the root cause as a buffer ove...
Nxp Semiconductors Nxp Kinetis K82 Buffer Error Vulnerability
The Nxp Semiconductors Nxp Kinetis K82 is a microcontroller from Nxp Semiconductors of the Netherlands. A security vulnerability exists in the Nxp Semiconductors NXP Kinetis K82, which arises from the device having a buffer over-read via a carefully crafted wlength value in a GET Status-Other reques...
Code Security Advent Calendar 2021
We are happy to announce our sixth consecutive Code Security Advent Calendar! Born at RIPS in 2016, each calendar comprises 24 little code puzzles containing hidden security vulnerabilities that wait to be spotted. This is our way to share good vibes with the community while learning and having f...
Open Design Alliance Drawings SDK Buffer Error Vulnerability
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides easy, object-oriented API access to data in .dwg and .dgn, C API, file repair support, support for . code execution...
Open Design Alliance Drawings SDK Buffer Error Vulnerability
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The development package provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for...
Exploit for Out-of-bounds Read in Nxp Lpc55S69Jbd100_Firmware
CVE-2021-40154...
CVE-2021-36310
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service...
Dell Networking OS10 Security Vulnerability
Dell Networking OS10 is a Linux-based network switch operating system from Dell (USA). An elevation of privilege vulnerability exists in Dell Networking OS10, which could be exploited by an attacker with specific API access to gain administrator privileges on the affected system...
Nim code issue vulnerability
Nim is a statically typed programming language from the Nim community. Nim has a code issue vulnerability that can be exploited by attackers to bypass checks and launch SSRF attacks using null bytes...