
1115 matches found

RedHat Linux
added 2021/08/10 7:52 a.m. | 1 view

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

CVSS 6.5 | AI score 7.1 | EPSS 0.00917
Exploits: 1 | References: 6

UbuntuCve
added 2021/08/10 6:0 a.m. | 34 views

CVE-2021-3672

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...

CVSS 6.8 | AI score 6.7 | EPSS 0.00044
Exploits: 1 | References: 4

OSV
added 2021/08/08 6:15 a.m. | 10 views

CVE-2021-38191

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...

CVSS 5.9 | AI score 6.7
Exploits: 0 | References: 2

UbuntuCve
added 2021/08/08 6:15 a.m. | 14 views

CVE-2021-38191

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...

CVSS 5.9 | AI score 6.2 | EPSS 0.00341
Exploits: 1 | References: 6

Cvelist
added 2021/08/08 5:9 a.m. | 11 views

CVE-2021-38191

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...

AI score 5.9 | EPSS 0.00341
Exploits: 1 | References: 2

Debian CVE
added 2021/08/08 5:9 a.m. | 23 views

CVE-2021-38191

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...

CVSS 5.9 | AI score 5.6 | EPSS 0.00341
Exploits: 1

Tenable Nessus
added 2021/08/06 12:0 a.m. | 41 views

Amazon Linux 2 : curl (ALAS-2021-1693)

The version of curl installed on the remote host is prior to 7.76.1-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1693 advisory. A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl...

CVSS 7.5 | AI score 6.7 | EPSS 0.00742
Exploits: 3 | References: 9

CNNVD
added 2021/08/06 12:0 a.m. | 2 views

Mitsubishi Electric MELSEC iQ-R series authorization issue vulnerability

The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller from Mitsubishi Electric, Japan. An authorization issue vulnerability exists in the Mitsubishi Electric MELSEC iQ-R series, which arises from a flaw in the logic of the product login module. An attacker could lock out a...

CVSS 5.3 | AI score 6 | EPSS 0.00473
Exploits: 0 | References: 5

AlpineLinux
added 2021/08/05 8:16 p.m. | 42 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead ...

CVSS 4.3 | AI score 6.2 | EPSS 0.0056
Exploits: 2

Debian CVE
added 2021/08/05 8:16 p.m. | 50 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead ...

CVSS 4.3 | AI score 6.5 | EPSS 0.0056
Exploits: 2

CNNVD
added 2021/08/04 12:0 a.m. | 4 views

GitLab input validation error vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab th...

CVSS 8.8 | AI score 7.8 | EPSS 0.00225
Exploits: 0 | References: 4

OSV
added 2021/07/26 9:15 p.m. | 1 view

CVE-2020-23243

Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrongpathredirect" feature...

CVSS 4.8 | AI score 5.8 | EPSS 0.00212
Exploits: 1 | References: 1

CNNVD
added 2021/07/26 12:0 a.m. | 3 views

NavigateCMS cross-site scripting vulnerability

A cross-site scripting vulnerability exists in Navigate CMS version 2.9, which is a powerful and intuitive content management system. The vulnerability can be exploited to conduct cross-site scripting attacks via the name="wrongpathredirect" function...

CVSS 4.8 | AI score 5.2 | EPSS 0.00212
Exploits: 1 | References: 2

Veracode
added 2021/07/22 5:50 a.m. | 35 views

Wrong Content

curl:edge shows wrong content via metalink as it is not discarded...

CVSS 6.5 | AI score 2.8 | EPSS 0.00146
Exploits: 1 | References: 16 | Affected Software: 1

OpenVAS
added 2021/07/22 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2021:2440-1)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.8 | EPSS 0.0056
Exploits: 5 | References: 7

CNNVD
added 2021/07/21 12:0 a.m. | 2 views

libcurl resource management error vulnerability

libcurl is a tool for transferring data from or to a server. A resource management error vulnerability exists in libcurl that stems from the presence of a logic error that could cause libcurl to reuse the wrong connection...

CVSS 4.3 | AI score 6.3 | EPSS 0.0056
Exploits: 2 | References: 59

Cvelist
added 2021/07/20 6:47 a.m. | 15 views

CVE-2020-36430

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decodechars called from decodefont and processtext because the wrong integer data type is used for subtraction...

AI score 7.7 | EPSS 0.00311
Exploits: 0 | References: 5

CNNVD
added 2021/07/20 12:0 a.m. | 2 views

libass buffer error vulnerability

libass is a subtitle renderer based on the ASS/SSA format by an individual developer. A security vulnerability exists in libass that stems from a heap-based buffer overflow because the wrong integer data type is used for subtraction...

CVSS 7.8 | AI score 7.5 | EPSS 0.00311
Exploits: 0 | References: 8

Code423n4
added 2021/07/14 12:0 a.m. | 8 views

Reward computation is wrong

Handle: cmichel. Vulnerability details: The LendingPair.accrueAccount function distributes rewards before updating the cumulative supply / borrow indexes as well as the index + balance for the user by minting supply tokens / debt. This means the percentage of the user's balance to the total is not...

AI score 7
Exploits: 0

OSV
added 2021/07/13 11:15 a.m. | 2 views

CVE-2021-33713

A vulnerability has been identified in JT Utilities All versions V13.0.2.0. When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the...

CVSS 5.5 | AI score 6
Exploits: 0 | References: 1