openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-23840 via openssl-src (=110.0.7+1.1.0i)

openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-23840 Source advisory: OSV:GHSA-QGM6-9472-PWQ7...

GHSA-QGM6-9472-PWQ7 Integer Overflow in openssl-src

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVE-2020-18735

CVE-2020-18735 relates to Eclipse IoT Cyclone DDS Project v0.1.0, with a heap buffer overflow in /src/dds_stream.c that causes the DDS subscriber server to crash. The connected documents confirm the root cause and the vulnerable file, and consistently describe a crash as the impact. No exploitati...

The vulnerability of the Thunderbird email client, related to the disclosure of information, allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Thunderbird email client is related to the exposure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information through the src attribute...

CVE-2021-38291

FFmpeg version git commit de8e6e67e7523e48bb27ac224a0b446df05e1640 suffers from a an assertion failure at src/libavutil/mathematics.c...

CVE-2021-37232

A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through AParread64 in src/util.cpp due to the lack of buffer size of uint32buffer while reading more bytes in AParread64...

CVE-2021-37232

CVE-2021-37232 describes a stack overflow in AtomicParsley (version 20210124.204813.840499f) triggered by APar_read64() in src/util.cpp due to the lack of buffer size for uint32_buffer when reading more bytes. Public sources (NVD) assign a high to critical impact (CVSS v3.1: 9.8, HIGH/CRITICAL ac...

PT-2021-15503 · Video.Js +1 · Video.Js +1

Name of the Vulnerable Software and Affected Versions: video.js versions prior to 7.14.3 Description: The issue allows bypassing HTML escaping and executing arbitrary code through the src attribute of the track tag. Recommendations: For versions prior to 7.14.3, update to version 7.14.3 or later ...

Design/Logic Flaw

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpcenc.c...

CVE-2021-27845

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpcenc.c...

PT-2024-11246 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak vulnerability has been resolved in the Linux kernel. The issue is related to the ip mc add1 src function, where an unreferenced object is created, leading to a memory lea...

CVE-2021-3588

CVE-2021-3588 affects BlueZ (BlueZ Bluetooth stack). The issue is in cli_feat_read_cb() in src/gatt-database.c where bounds checks on offset are missing before indexing an array, potentially exposing memory contents. Multiple advisories indicate downstream risk and mitigation via upgrading BlueZ ...

Denial Of Service (DoS)

libsolv.so is vulnerable to denial of service. An attacker may crash the application via the Solver testcasereadPool pool, FILE fp, const char testcase, Queue job, char resultp, int resultflagsp function at src/testcase.c: line 2334...

CVE-2020-21833

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read2004sectionclasses ../../src/decode.c:2440...

Input validation

In YzmCMS 5.6, XSS was discovered in member/membercontent/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3...

CVE-2020-23369

In YzmCMS 5.6, XSS was discovered in member/membercontent/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3...

CVE-2020-23369

CVE-2020-23369 affects YzmCMS 5.6, where a cross-site scripting vulnerability exists in member/member_content/init.html due to using UEditor 1.4.3.3 . The underlying issue is an XSS via the SRC attribute of an IFRAME element, allowing injected scripts. Public records in NVD/CNVD/CNNVD confirm the...

GHSA-G4HJ-R7R3-9RWV OS Command Injection in gulp-scss-lint

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-3449 via openssl-src (=110.0.7+1.1.0i)

openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-3449 Source advisory: OSV:RUSTSEC-2021-0055...

CVE-2021-26541

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability...