9427 matches found
Insecure TLS Configuration
libcurl.so uses an insecure TLS configuration. The selected cipher set was stored in a single "static" variable in the library, and due to an error in code, the last cipher that is set would control the set used by all transfers...
OESA-2021-1221 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer...
CVE-2021-25949
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25949
CVE-2021-25949 is a prototype pollution flaw in the npm package set-getter (v0.1.0) that can cause denial of service and may lead to remote code execution. The vulnerability is documented across multiple sources, which indicate the affected component and a fix path: upgrade to set-getter v0.1.1 o...
set-getter security vulnerability
set-getter is a software package. A security vulnerability exists in set-getter 0.1.0 that can be exploited by an attacker to cause a denial of service and potentially lead to remote code execution...
Privilege escalation
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exists due to a weak set of permissions being granted to the "Authenticat...
SUSE: Security Advisory (SUSE-SU-2016:0748-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
The vulnerability of the set function in the object-path library of the Aurora Application Software Center, related to uncontrolled changes to prototype attributes of objects, allows attackers to execute a “prototype pollution” attack.
The vulnerability of the set function in the object-path library of the Aurora application software is related to uncontrolled changes in object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...
SUSE: Security Advisory (SUSE-SU-2016:2018-1)
The remote host is missing an update for the...
The vulnerability of the set function in the set-value library of the Afroara Application Software Center, related to uncontrolled changes in object prototypes’ attributes, allows attackers to execute a “prototype pollution” attack.
The vulnerability of the set function in the set-value library of the Afroa Application Software is related to uncontrolled changes in object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to carry out a “prototype contamination” attack...
CVE-2021-32198
EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon...
MobaXterm resource management error vulnerability
Mobatek MobaXterm is a suite of terminal software from the French company Mobatek that integrates an enhanced terminal, an X server and a Unix command set (GNU/Cygwin). MobaXterm prior to 21.0 suffers from a security vulnerability that allows a remote server to cause a denial of service (Windows GUI...
Mintty security vulnerability
Mintty is a Cygwin terminal emulator application, also available for MSYS and Msys2. Mintty has a security vulnerability that can be exploited by an attacker to cause a denial of service (Windows GUI hang) by telling the Mintty window to repeatedly change its title at high speed, which...
FFmpeg security vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video. A security vulnerability exists in FFmpeg due to a memory leak in the av dictionary set function in dict.c. An attacker could use this vulnerability to conduct a denial-of-service attack. The vulnerability can ...
GSD-2021-1000211 arm64: entry: always set GIC_PRIO_PSR_I_SET during entry
arm64: entry: always set GIC_PRIO_PSR_I_SET during entry. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.5 by commit...
GSD-2021-1000015 netfilter: nftables: clone set element expression template
netfilter: nftables: clone set element expression template. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...