
9427 matches found

CNNVD
added 2021/07/07 12:0 a.m. | 1 views

just-safe-set security vulnerability

just-safe-set is an npm module library. A security vulnerability exists in just-safe-set 1.0.0 through 2.2.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...

9.8 CVSS | 8.7 AI score | 0.02947 EPSS
Exploits 1 | References 3

Positive Technologies
added 2021/07/07 12:0 a.m. | 2 views

PT-2021-21999 · Tokio · Tokio

Name of the Vulnerable Software and Affected Versions: tokio crate versions prior to 1.8.1 Description: An issue was discovered in the tokio crate where upon a JoinHandle::abort, a Task may be dropped in the wrong thread. This occurs when aborting a task with JoinHandle::abort and the future is...

5.9 CVSS | 5.5 AI score | 0.00341 EPSS
Exploits 1 | References 10

Rosalinux
added 2021/07/02 6:19 p.m. | 33 views

Advisory ROSA-SA-2021-1996

Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open...

8.1 CVSS | 8.3 AI score | 0.06681 EPSS
Exploits 7

CNVD
added 2021/07/02 12:0 a.m. | 55 views

Command execution vulnerability in TamronOS IPTV/VOD system (CNVD-2021-49564)

TamronOS IPTV/VOD system is a Linux kernel-based all-in-one live and on-demand solution for broadband operators, hotels and schools. The system provides a variety of clients (Android set-top box, TV, PC on-demand, cell phone on-demand) so that users can access it through different devices...

7.9 AI score
In wild | Exploits 0

BDU FSTEC
added 2021/07/02 12:0 a.m. | 1 views

The vulnerability of the `virtio_gpu_set_scanout` function in the `hw/display/virtio-gpu.c` component of the QEMU hardware emulation software occurs due to a lack of memory release mechanism before deleting the last reference. This allows a malicious actor to trigger a service failure.

The vulnerability of the virtio_gpu_set_scanout function in the hw/display/virtio-gpu.c component of the QEMU hardware emulation software is related to a lack of a mechanism for freeing memory before deleting the last pointer. Exploiting this vulnerability allows an attacker to trigger a service...

5.5 CVSS | 0.00091 EPSS
Exploits 0 | References 6 | Affected Software 2

CNNVD
added 2021/07/01 12:0 a.m. | 4 views

OWASP ModSecurity Core Rule Set security vulnerability

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in the OWASP ModSecurity Core Rule Set that stems from inadequate implementation of security measures in the default...

9.8 CVSS | 7.4 AI score | 0.00306 EPSS
Exploits 1 | References 11

CNNVD
added 2021/07/01 12:0 a.m. | 4 views

RawSpeed buffer error vulnerability

RawSpeed is a full-line solution for Internet users to upload and download large files. A buffer overflow vulnerability exists in RawSpeed, which stems from an out-of-bounds read/write operation occurring due to a failure to validate memory boundaries during a call to the TableLookUp::setTable...

9.8 CVSS | 5.9 AI score | 0.0055 EPSS
Exploits 0 | References 3

OSV
added 2021/06/25 7:15 p.m. | 4 views

CVE-2021-21005

In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards...

7.5 CVSS | 7.1 AI score | 0.00043 EPSS
Exploits 0 | References 1

OSV
added 2021/06/24 3:15 p.m. | 4 views

CVE-2021-23398

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

6.1 CVSS | 6.4 AI score
Exploits 0 | References 4

Prion
added 2021/06/24 3:15 p.m. | 14 views

Cross site scripting

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

4.3 CVSS | 6.1 AI score | 0.00201 EPSS
Exploits 1 | References 1 | Affected Software 1

OSV
added 2021/06/24 2:15 p.m. | 2 views

CVE-2021-24000

A race condition with requestPointerLock and setTimeout could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements such as input type="file" this could have led to an attack where a user was confused about the origin...

3.1 CVSS | 6.9 AI score | 0.00153 EPSS
Exploits 0 | References 2

CNNVD
added 2021/06/24 12:0 a.m. | 1 views

JFinal cross-site scripting vulnerability

JFinal is a Java language based WEB + ORM open source framework. JFinal has a security vulnerability that stems from the set method of the Controller class in JFinal version v4.9.10 and below not being strictly filtered, which can lead to XSS vulnerability in some cases...

6.1 CVSS | 6.2 AI score | 0.00201 EPSS
Exploits 1 | References 2

CNNVD
added 2021/06/22 12:0 a.m. | 2 views

Linux-PAM security vulnerability

Linux-pam is a pluggable-supported system authentication software for Linux from the Linux-pam team. A security vulnerability exists in Linux-PAM that allows a local attacker to exploit the vulnerability to set quotas on arbitrary filesystems, in some cases the home directory of the attacker to...

7 CVSS | 7.1 AI score | 0.00042 EPSS
Exploits 1 | References 1

Node.js
added 2021/06/21 5:16 p.m. | 58 views

Prototype Pollution

Overview Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. Recommendation Upgrade to version 0.1.1 or later References - CVE - GitHub Advisory...

7.5 CVSS | 7.2 AI score | 0.02286 EPSS
Exploits 1 | Affected Software 1

CNNVD
added 2021/06/18 12:0 a.m. | 1 views

SerenityOS buffer error vulnerability

SerenityOS is a graphical Unix-like operating system for x86 computers. A stack buffer overflow vulnerability exists in the setrange test in TestBitmap in SerenityOS. An attacker can exploit this vulnerability to obtain sensitive information...

7.5 CVSS | 6 AI score | 0.00302 EPSS
Exploits 0 | References 1

Snyk
added 2021/06/16 4:18 p.m. | 2 views

Prototype Pollution

Overview merge-change is a Deep merge of objects and other types, also for patches and immutable updates. Affected versions of this package are vulnerable to Prototype Pollution via the utils.set function. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution...

9.8 CVSS | 9 AI score | 0.0053 EPSS
Exploits 1 | References 2

Veracode
added 2021/06/16 9:43 a.m. | 25 views

Denial Of Service (DoS)

Mutt is vulnerable to denial of service. An out-of-bounds read in imap/util.c where an IMAP sequence set ends with a comma could result in disclosure of confidential information or an application crash...

9.1 CVSS | 2.3 AI score | 0.00368 EPSS
Exploits 0 | References 5 | Affected Software 2

Code423n4
added 2021/06/16 12:0 a.m. | 10 views

Deposits can be denied by abusing maxContractBalance

Handle cmichel Vulnerability details Vulnerability Details The treasury implements a max contract balance check in the deposit function: require erc20.balanceOfaddressthis + amount This is not only restricted to whales, miners/users can do the same using same-block cross-transaction flashloans an...

6.7 AI score
Exploits 0

Oracle linux
added 2021/06/15 12:0 a.m. | 221 views

Unbreakable Enterprise kernel security update

5.4.17-2102.202.5 - sctp: delay autoasconf init until binding the first addr Xin Long Orabug: 32907967 CVE-2021-23133 CVE-2021-23133 - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860491 CVE-2021-31916 - uek-rpm: update kABI lists for the new symbols Saeed...

8.1 CVSS | 8.1 AI score | 0.00305 EPSS
Exploits 1

Oracle linux
added 2021/06/15 12:0 a.m. | 228 views

Unbreakable Enterprise kernel-container security update

4.14.35-2047.504.2.el7 - md/raid1: properly indicate failure when ending a failed write request Paul Clements Orabug: 32887159 - video: hypervfb: Add ratelimit on error message Michael Kelley Orabug: 32856879 - Drivers: hv: vmbus: Initialize unloadevent statically Andrea Parri Microsoft Orabug:...

6.7 CVSS | 7.3 AI score | 0.00198 EPSS
Exploits 0