
4991 matches found

CNVD
added 2021/08/10 12:0 a.m. | 21 views

Mozilla Rust Denial of Service Vulnerability (CNVD-2021-61402)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust suffers from a denial-of-service vulnerability that can be exploited by attackers to cause data contention by sending specially crafted requests...

CVSS 5.9 | AI score 4.6 | EPSS 0.0028
Exploits 1 | References 1

CNVD
added 2021/08/10 12:0 a.m. | 15 views

Mozilla Rust Denial of Service Vulnerability (CNVD-2021-61403)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A denial-of-service vulnerability exists in the appendix box of Mozilla Rust versions prior to November 15, 2020, which can be exploited by an attacker to cause data contention by sending a specially crafted...

CVSS 5.9 | AI score 4.8 | EPSS 0.0028
Exploits 1 | References 1

CNNVD
added 2021/08/09 12:0 a.m. | 1 views

Larvata Flygo Security Vulnerability

Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains an Insecure Direct Object Reference vulnerability that allows a remote attacker authenticated as a regular user to manipulate user data by specifying the employee's ID in an API parameter and...

CVSS 4.3 | AI score 5.2 | EPSS 0.00113
Exploits 0 | References 2

CNNVD
added 2021/08/08 12:0 a.m. | 3 views

Rust Command Injection Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A command injection vulnerability exists in Chopinsky bytebuffer in Mozilla Rust, which can be exploited by attackers to cause memory corruption...

CVSS 8.1 | AI score 5.7 | EPSS 0.00477
Exploits 1 | References 2

CNNVD
added 2021/08/08 12:0 a.m. | 1 views

Rust Command Injection Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to trigger undefined behavior and memory corruption...

CVSS 8.1 | AI score 5.7 | EPSS 0.00477
Exploits 1 | References 3

OSV
added 2021/08/07 5:15 p.m. | 2 views

DEBIAN-CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...

CVSS 7.5 | AI score 7 | EPSS 0.00254
Exploits 1 | References 1

UbuntuCve
added 2021/08/07 5:15 p.m. | 43 views

CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...

CVSS 7.5 | AI score 6.9 | EPSS 0.00254
Exploits 1 | References 7

Debian CVE
added 2021/08/07 4:38 p.m. | 29 views

CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...

CVSS 7.5 | AI score 7.3 | EPSS 0.00254
Exploits 1

Cvelist
added 2021/08/07 4:38 p.m. | 22 views

CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...

AI score 7.8 | EPSS 0.00254
Exploits 1 | References 9

Debian CVE
added 2021/08/02 6:51 p.m. | 38 views

CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

CVSS 7.5 | AI score 6.8 | EPSS 0.00031
Exploits 1

CNNVD
added 2021/08/02 12:0 a.m. | 3 views

Crossbeam Race Condition Vulnerability

Crossbeam is a tool for individual developers that applies to concurrent programming. A security vulnerability exists in crossbeam-deque, which is used to build task schedulers when programming in Rust...

CVSS 9.8 | AI score 8.3 | EPSS 0.01094
Exploits 0 | References 35

Fedora
added 2021/08/01 4:5 a.m. | 71 views

[SECURITY] Fedora 34 Update: redis-6.2.5-1.fc34

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 7.5 | AI score 0.7 | EPSS 0.00172
Exploits 0

OpenVAS
added 2021/07/30 12:0 a.m. | 12 views

Fedora: Security Advisory for golang (FEDORA-2021-25c0011e78)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 7 | EPSS 0.00917
Exploits 1 | References 2

OpenVAS
added 2021/07/30 12:0 a.m. | 15 views

Fedora: Security Advisory for golang (FEDORA-2021-1bfb61f77c)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 7 | EPSS 0.00917
Exploits 1 | References 2

Hacker One
added 2021/07/29 4:40 p.m. | 21 views

GitLab: ReDoS in syntax highlighting due to Rouge

Summary: GitLab is using the Ruby gem "rouge" which has a ReDoS vulnerability. In rouge, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have cubic worst-case complexity and are vulnerable to Regular Expression Denial of Service...

AI score 6.6
Exploits 0

Fedora
added 2021/07/28 1:32 a.m. | 42 views

[SECURITY] Fedora 33 Update: golang-1.15.14-1.fc33

The Go Programming Language...

CVSS 6.5 | AI score 1.8 | EPSS 0.00917
Exploits 1

Fedora
added 2021/07/28 1:24 a.m. | 42 views

[SECURITY] Fedora 34 Update: golang-1.16.6-1.fc34

The Go Programming Language...

CVSS 6.5 | AI score 1.8 | EPSS 0.00917
Exploits 1

ThreatPost
added 2021/07/26 3:0 p.m. | 177 views

Malware Makers Using ‘Exotic’ Programming Languages

Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found. Use of those four languages is escalating in the number of malware families being identified, according to a...

AI score 8
Exploits 0 | References 22

CNNVD
added 2021/07/26 12:0 a.m. | 3 views

RPCMS Cross-Site Scripting Vulnerability

RPCMS is a software application, a web CMS system. RPCMS suffers from a cross-site scripting vulnerability that stems from a failure to properly clean up the nickname variable before it is displayed on a page in RPCMS v1.8 versions and below. With the API functionality turned on, an attacker can...

CVSS 5.4 | AI score 5.3 | EPSS 0.00185
Exploits 1 | References 3

CNNVD
added 2021/07/21 12:0 a.m. | 3 views

Dell NetWorker Security Vulnerability

DELL EMC NetWorker is a suite of unified backup and recovery software from Dell DELL USA. The software provides backup and recovery, deduplication elimination, backup reporting, and other features. A security vulnerability exists in DELL EMC NetWorker that originates from an improper implementati...

CVSS 6.5 | AI score 6.6 | EPSS 0.00236
Exploits 0 | References 3