CVE-2020-27830

CVE-2020-27830 is a Linux Kernel vulnerability where spk_ttyio_receive_buf2() can dereference spk_ttyio_synth when it is NULL, causing a NULL-pointer dereference crash. The connected Nessus advisories (Unity Linux UTSA-2026-001485, UTSA-2026-004226, UTSA-2026-003925) reference this CVE as part of...

CVE-2020-27830

A vulnerability was found in Linux Kernel where in the spkttyioreceivebuf2 function, it would dereference spkttyiosynth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash...

Arbitrary JavaScript Execution

Overview There is a security vulnerability in json-ptr versions prior to v2.1.0 in which an unscrupulous actor may execute arbitrary code. If your code sends un-sanitized user input to json-ptr's .get method, your project is vulnerable to this injection-style vulnerability. Recommendation Upgrade...

@agentscript-ai/linear (>=0.1.0 <=0.9.0), @appscode/json-filter (>=0.0.1 <=0.0.6) +254 more potentially affected by CVE-2020-7766 via json-ptr (>=0.1.1 <=2.0.0)

json-ptr NPM version =0.1.1, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =2.0.0-pr.1, =0.0.1-alpha.1, =1.0.1, =1.9.0, =1.6.0, =1.3.1, =2.1.1, =1.1.0, =1.4.3 and more Source cves: CVE-2020-7766 Source advisory: OSV:GHSA-X5R6-X823-9848...

Arbitrary Code Execution in json-ptr

npm json-ptr before 2.1.0 has an arbitrary code execution vulnerability. The issue occurs in the set operation when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution...

GHSA-X5R6-X823-9848 Arbitrary Code Execution in json-ptr

npm json-ptr before 2.1.0 has an arbitrary code execution vulnerability. The issue occurs in the set operation when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution...

DEBIAN-CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This...

CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This...

move_elements can double-free objects on panic

Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding. The flaw was fixed in commit 891561bea by removing t...

RUSTSEC-2021-0030 move_elements can double-free objects on panic

Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding. The flaw was fixed in commit 891561bea by removing t...

insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

RUSTSEC-2021-0018 insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

CentOS 8 : libwmf (CESA-2019:2722)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:2722 advisory. - gd: Double free in the gdImagePtr in gdgifout.c, gdjpeg.c, and gdwbmp.c CVE-2019-6978 Note that Nessus has not tested for this issue but has instead relied on...

insert_many can drop elements twice on panic

Affected versions of insertmany used ptr::copy to move over items in a vector to make space before inserting, duplicating their ownership. It then iterated over a provided Iterator to insert the new items. If the iterator's .next method panics then the vector would drop the same elements twice...

CVE-2020-27830

A vulnerability was found in Linux Kernel where in the spkttyioreceivebuf2 function, it would dereference spkttyiosynth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash...

RUSTSEC-2021-0009 panic safety issue in `impl TransformContent<S, D> for [S; (2|3|4)]`

Affected versions of this crate did not guard against double drop while temporarily duplicating objects' ownership using ptr::read. Upon panic in a user-provided function conversion, objects that are copied by ptr::read are dropped twice, leading to memory corruption. The flaw was corrected in...

panic safety issue in `impl TransformContent<S, D> for [S; (2|3|4)]`

Affected versions of this crate did not guard against double drop while temporarily duplicating objects' ownership using ptr::read. Upon panic in a user-provided function conversion, objects that are copied by ptr::read are dropped twice, leading to memory corruption. The flaw was corrected in...

EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...

RUSTSEC-2021-0011 EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...

Multiple soundness issues in `Ptr`

Affected versions of this crate have the following issues: 1. Ptr implements Send and Sync for all types, this can lead to data races by sending non-thread safe types across threads. 2. Ptr::get violates mutable alias rules by returning multiple mutable references to the same object. 3. Ptr::writ...