ALPINE-CVE-2021-32628

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist...

DEBIAN-CVE-2021-32687

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the...

DEBIAN-CVE-2021-32628

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist...

UBUNTU-CVE-2021-32687

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the...

UBUNTU-CVE-2021-32628

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist...

PT-2021-4342 · Redis +9 · Redis +9

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 5.0.14 Redis versions prior to 6.0.16 Redis versions prior to 6.2.6 Description: The issue is related to an integer overflow bug in the ziplist data structure used by Redis, which can be exploited to corrupt the heap a...

PT-2021-4407 · Redis +9 · Redis +9

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 5.0.14 Redis versions prior to 6.0.16 Redis versions prior to 6.2.6 Description: The issue is related to an integer overflow bug in Redis that can be exploited to corrupt the heap and potentially trigger remote code...

Cross-Site Request Forgery (CSRF) in collectiveaccess/providence

Description I have found more endpoints which allow edit/duplicate were not protected from CSRF, the following endpoints are: 1: Edit Global Value in Pawtucket. 2: Change object type. 3: Duplicate object. 4: Duplicate items in the set and add to another set. Proof of Concept Via GET requests: 1...

GHSA-VRXP-MG9F-HWF3 Improperly Implemented path matching for in-toto-golang

Impact Authenticated attackers posing as functionaries i.e., within a trusted set of users for a layout are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys, may issue an attestation that contains a disallowed artifact ...

UBUNTU-CVE-2021-39584

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespacesethash located in pool.c. It allows an attacker to cause Denial of Service...

The vulnerability of the `xdr_set_page_base` function in the `net/sunrpc/xdr.c` component of the Linux operating system, which is related to the operation of writing data beyond the buffer boundaries, allows a malicious actor to trigger a service failure.

The vulnerability of the xdrsetpagebase function in the net/sunrpc/xdr.c component of the Linux operating system is related to operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure through a large number o...

CVE-2021-23440

A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that can be exploited by an attacker to run code through the MIPS CBPF JIT compiler branch instruction...

The function addToken does not check if the token was already added

Handle hrkrshnn Vulnerability details addToken does not check if the token was already added The function addToken does not check if the token was already present. function addToken address vault, address token external override notHalted onlyStrategist requireallowedTokenstoken, "!allowedTokens"...

kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c

A flaw was discovered in processing setsockopt IPTSOSETREPLACE or IP6TSOSETREPLACE for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leverage...

kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c

A flaw was discovered in processing setsockopt IPTSOSETREPLACE or IP6TSOSETREPLACE for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leverage...

Prototype Pollution

@viking04/merge is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the set and zipObject function...

@enonic/semantic-ui-react-form (>=2.1.0 <=2.3.0) potentially affected by CVE-2021-23440 via set-value (=4.0.0)

set-value NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @enonic/semantic-ui-react-form =2.1.0, =2.3.0 Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

Prototype Pollution in set-value

This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2021-23440 via set-value (>=3.0.0 <=3.0.2)

set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...