4991 matches found
CVE-2021-27228
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...
rust-toolset:rhel8 bug fix and enhancement update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Rust Toolset has been updated to version 1.47.0 BZ1883839. For detailed information on changes in this release, see the AlmaLinux.1...
hyper crate for Rust environment issue vulnerability
hyper crate for Rust is a Rust-based HTTP library. An environmental issue vulnerability exists in hyper crate for Rust that arises from an unreasonable environmental factor in a networked system or product...
UBUNTU-CVE-2021-26957
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::changeproperty, as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server...
[SECURITY] Fedora 32 Update: python3-3.8.7-2.fc32
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
[SECURITY] Fedora 33 Update: golang-1.15.7-1.fc33
The Go Programming Language...
Binary Vulnerability in Cisco rv130w
Cisco is a leading global provider of networking solutions. A binary vulnerability exists in Cisco rv130w, which could allow an attacker to gain system root privileges by constructing a ROP chain after authenticating...
CVE-2021-1243
A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access ...
Design/Logic Flaw
A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access ...
CVE-2021-1243 Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability
A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access ...
OESA-2021-1016 tpm2-tss security update
tpm2-tss is a software stack supporting Trusted Platform Module (TPM) 2.0 system APIs which provides TPM 2.0 specified APIs for applications to access TPM module through kernel TPM drivers. Security Fixes: No description is available for this CVE. (CVE-2020-24455)...
Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability
A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access ...
Nim Input Validation Error Vulnerability
Nim is a statically typed programming language from the Nim community. An input validation error vulnerability exists in versions of Nim prior to 1.2.6, which stems from a failure of the standard library asyncftpclient to check whether a message contains line breaks. No details of the vulnerabili...
RHEL 7 : perl (RHSA-2021:0343)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0343 advisory. Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: per...
JetBrains YouTrack Authorization Issue Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. JetBrains YouTrack suffers from a user enumeration vulnerability that can be exploited by an...
Unspecified Vulnerability in Rust (CNVD-2021-13685)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Deserializer::readvec in the cdr package of Rust prior to 0.2.4, which stems from the fact that the user-supplied read implementation of Deserializer::readvec can access th...
Wolfssl Trust Management Issues Vulnerabilities
Wolfssl CyaSSL is a small, portable embedded SSL programming library from the United States company Wolfssl, intended for embedded systems developers. A trust management issue vulnerability exists in the DoTls13CertificateVerify function in the tls13.c file of WolfSSL version 4.6.0, which stems from not...
Unspecified Vulnerability in Rust (CNVD-2021-13684)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust prior to 9.0.0 that stems from an unsound conversion call in the asstring method. No details of the vulnerability are available at this time...
vulscan
This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in web applications using a variety of plugins (POCs). 2. Plugin...
Moderate: Red Hat Security Advisory: perl security update
An update for perl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...