1833 matches found
Null pointer dereference
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplaceshiftmoovmetaoffsets function, which causes a Denial of Service context-dependent...
PT-2022-12525 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A Pointer Dereference issue exists in GPAC, which causes a Denial of Service. This issue is context-dependent and occurs via ShiftMetaOffset.isra. Recommendations: For GPAC version 1.0.1, consider disabling the...
PT-2022-12520 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A Pointer Dereference issue exists via the shift chunk offsets.part function, which causes a Denial of Service. This issue is context-dependent. Recommendations: For GPAC version 1.0.1, as a temporary workaroun...
PT-2022-12521 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A Pointer Dereference issue exists via the finplace shift moov meta offsets function, which causes a Denial of Service. Recommendations: For GPAC version 1.0.1, consider disabling the finplace shift moov meta...
ALPINE-CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior, e.g., allocating too few bytes, or only freeing memory...
AZL-7124 CVE-2021-45960 affecting package expat for versions less than 2.4.3-1
In Expat (aka libexpat) before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior, e.g., allocating too few bytes, or only freeing memory...
DEBIAN-CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior, e.g., allocating too few bytes, or only freeing memory...
UBUNTU-CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior, e.g., allocating too few bytes, or only freeing memory...
CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior, e.g., allocating too few bytes, or only freeing memory...
PT-2021-6138 · Expat +12 · Expat +12
Name of the Vulnerable Software and Affected Versions: Expat (aka libexpat) versions prior to 2.4.3 Description: The issue is related to a left shift by 29 or more places in the storeAtts function in xmlparse.c, which can lead to realloc misbehavior, such as allocating too few bytes or only freeing...
CVE-2021-41272
Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32-bit signed integers. Smart contracts that ask for...
Type confusion
Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32-bit signed integers. Smart contracts that ask for...
CVE-2021-41272
CVE-2021-41272 affects the Besu Ethereum client (Java). Beginning with 21.10.0, changes to SHL/SHR/SAR caused a signed type coercion error for negative values in 32-bit integers. Consequence: on networks with mixed vulnerable/non‑vulnerable miners, forks may occur and affected transactions may be...
Stay Ahead of Threats With Cloud Workload Protection
When it comes to cloud-native applications, optimal security requires a modern, integrated, and automated approach that starts in development and extends to runtime protection. Cloud workload protection (CWP) helps make that goal possible by bringing major structural changes to software development...
Wiz magic shifts left
Fixing vulnerabilities and misconfigurations in the pipeline before deployment makes perfect sense - it reduces the overall threat footprint and saves time. Wiz offers customers a straightforward way to operationalize a Shift Left strategy...
json-smart: uncaught exception may lead to crash or information disclosure
A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform...
Red Hat OpenShift Container Platform security vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enables organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A security vulnerability exists in Red Hat OpenShif...
QSC Day 2 Recap: Innovation Makes for Better Defense, Improves Resilience
If 2020 was the year of disruption, then 2021 was characterized by high-profile—and low-profile—cyberattacks against the likes of JBS Supply, Colonial Pipeline, and Kaseya. Three years that underscored the need for organizations not only to defend themselves but to become resilient to weather and...
GSD-2021-1002084 nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.14 by commit...
UVI-2021-1002084 nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.14 by commit...