jwt-go: access restriction bypass vulnerability

A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m"aud" happens to be string, as allowed by the spec, the type assertion fails and the value of aud is "". This can cause audience verification to succeed even if the audiences being passed are incorrect if...

etcd: Large slice causes panic in decodeRecord method

A flaw was found In etcd, where a large slice causes panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is performed on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionall...

UBUNTU-CVE-2021-30014

There is a integer overflow in mediatools/avparsers.c in the hevcparseslicesegment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash...

CVE-2021-30014

There is a integer overflow in mediatools/avparsers.c in the hevcparseslicesegment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash...

GPAC 输入验证错误漏洞

GPAC is a multimedia framework for rich media and distributed under the LGPL license. An integer overflow vulnerability exists in the hevcparseslicesegment function in mediatools/avparsers.c in GPAC version 1.0.1. An attacker can exploit this vulnerability to cause a program crash...

Rust Resource Management Error Vulnerability (CNVD-2021-29836)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in slice-deque crate for Rust 2021-02-19 and earlier versions, which originates from SliceDeque::drainfilter.No detailed vulnerability details are available at th...

PT-2021-12083 · Revel · Revel

Name of the Vulnerable Software and Affected Versions: revel versions prior to 1.0.0 Description: The issue is caused by unsanitized input in the query parser, allowing remote attackers to cause resource exhaustion via memory allocation. An attacker can manipulate the request query sent to an...

CVE-2021-29938

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drainfilter upon a panic in a predicate function...

Double free

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drainfilter upon a panic in a predicate function...

CVE-2021-29938

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drainfilter upon a panic in a predicate function...

CVE-2021-29938

CVE-2021-29938 concerns the Rust slice-deque crate. The connected advisories indicate that SliceDeque::drain_filter can drop the last element twice if the predicate panics, due to the implementation mutating the drain-filter iterator index before invoking the predicate. Affected scope is the slic...

Rust 资源管理错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in slice-deque crate for Rust 2021-02-19 and earlier versions, which originates from SliceDeque::drainfilter.No detailed vulnerability details are available at th...

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its finding...

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its finding...

The vulnerability in the implementation of the gst_h264_slice_parse_dec_ref_pic_marking function in the gst-plugins-bad plugin for the Gstreamer multimedia framework allows a attacker to execute arbitrary code.

The vulnerability in the implementation of the gsth264sliceparsedecrefpicmarking function in the gst-plugins-bad plugin for the Gstreamer multimedia framework is related to the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability could allow a maliciou...

CVE-2021-0382

In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

CVE-2021-0372

In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-21617

A cross-site request forgery CSRF vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations...

aiowrap (=0.1.0), ambisonic (>=0.1.0 <=0.3.1) +157 more potentially affected by CVE-2021-29938 via slice-deque (>=0.1.16 <=0.3.0)

slice-deque CARGO version =0.1.16, =0.1.0, =0.8.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.8.0, =0.3.0, =0.3.0, =0.4.0, =0.8.0, =0.15.3 and more Source cves: CVE-2021-29938 Source advisory: OSV:RUSTSEC-2021-0047...