393 matches found
CVE-2021-38194
The CVE-2021-38194 issue affects the ark-r1cs-std crate for Rust (versions before 0.3.1). FieldVar::mul_by_inverse does not enforce constraints, allowing a malicious prover to produce an unsound proof that still verifies. The problem is caused by missing constraint checks in this method, compromi...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the ark-r1cs-std crate in Mozilla Rust before 0.3.1; it stems from the FieldVar::mul_by_inverse method not enforcing any constraints and can be exploited by an attacker to launch...
OSV-2021-1082 UNKNOWN READ in std::__1::__tree<std::__1::__value_type<std::__1::basic_string<char, std::__1::c
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24051 Crash type: UNKNOWN READ Crash state: std::1::tree, std::1...
CVE-2021-26764
SQL injection vulnerability in PHPGurukul Student Record System v4.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to edit-std.php...
PHPGurukul Student Record System SQL injection vulnerability
Version 4.0 of the PHPGurukul Student Record System application is vulnerable to SQL injection. The vulnerability stems from a lack of validation of externally supplied input used in SQL statements in the id parameter of edit-std.php, which can be exploited by remote...
OSV-2021-998 Dynamic-stack-buffer-overflow in std::__1::__wrap_iter<char const*>::__wrap_iter
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36137 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: std::1::wrapiter::wrapiter std::1::basicstring, std::1::allocatorch geos::io::StringTokenizer::StringTokenizer...
OSV-2021-977 Dynamic-stack-buffer-overflow in std::__1::pair<unsigned int, unsigned int>::pair<unsigned int, unsigned int, fal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36062 Crash type: Dynamic-stack-buffer-overflow WRITE 4 Crash state: std::1::pair::pair::type, std::1::unw void GFWX::decode...
OSV-2021-950 Dynamic-stack-buffer-overflow in std::__1::__wrap_iter<hsql::Expr**>::__wrap_iter
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35944 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: std::1::wrapiter::wrapiter std::1::vector ::makeiter std::1::vector ::begin...
ark-bls12-377 (=0.2.0), ark-crypto-primitives (=0.2.0) +19 more potentially affected by CVE-2021-38194 via ark-r1cs-std (=0.2.0)
ark-r1cs-std CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ark-r1cs-std and may be impacted: - ark-bls12-377 =0.2.0 - ark-crypto-primitives =0.2.0 - ark-curve-constraint-tests =0.2.0 - ark-ed-on-bls12-377 =0.2.0 -...
Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems
Versions 0.2.0 to 0.3.0 of ark-r1cs-std did not enforce any constraints in the FieldVar::mul_by_inverse method, allowing a malicious prover to produce an unsound proof that passes all verifier checks. This method was used primarily in scalar multiplication for short_weierstrass::ProjectiveVar. This...
RUSTSEC-2021-0075 Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems
Versions 0.2.0 to 0.3.0 of ark-r1cs-std did not enforce any constraints in the FieldVar::mul_by_inverse method, allowing a malicious prover to produce an unsound proof that passes all verifier checks. This method was used primarily in scalar multiplication for short_weierstrass::ProjectiveVar. This...
`grep-cli` may run arbitrary executables on Windows
On Windows in versions of grep-cli prior to 0.1.6, it's possible for some of the routines to execute arbitrary executables. In particular, a quirk of the Windows process execution API is that it will automatically consider the current directory before other directories when resolving relative...
OSV-2021-801 UNKNOWN READ in std::__1::__tree<std::__1::__value_type<Json::Value::CZString, Json::Value>, std
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34665 Crash type: UNKNOWN READ Crash state: std::1::tree, std std::1::mapJson::Value::CZString, Json::Value, std::1::lessJson::Value::CZ Json::Value::begin...
OSV-2021-776 UNKNOWN READ in std::__1::__tree<std::__1::__value_type<Json::Value::CZString, Json::Value>, std
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34443 Crash type: UNKNOWN READ Crash state: std::1::tree, std std::1::mapJson::Value::CZString, Json::Value, std::1::lessJson::Value::CZ Json::Value::begin...
CVE-2021-29521 Segfault in SparseCountSparseOutput
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...
OSV-2021-760 Heap-buffer-overflow in std::__1::char_traits<char>::length
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34230 Crash type: Heap-buffer-overflow READ 1 Crash state: std::1::chartraits::length std::1::basicstring, std::1::allocatorch ODDLParser::logInvalidTokenError...
Huawei EulerOS: Security Advisory for OpenEXR (EulerOS-SA-2021-1822)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : OpenEXR (EulerOS-SA-2021-1822)
According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764) - An issue...
CVE-2021-31162
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics...
Gafgyt Botnet Lifts DDoS Tricks from Mirai
Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt (a.k.a. Bashlite) is a botnet that was first uncovered in 2014. It targets vulnerable internet of things (IoT) devices like Huawei routers, Realt...