Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken. Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22850 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-789.yaml
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl::~SmallVectorImpl. Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22371 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-1506.yaml
HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24097 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htslib/OSV-2020-955.yaml
Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change. Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26997 https://github.com/ethereum/solidity/commit/c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e
mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235. Date published : 2021-06-30 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior...
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior...
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. Date published : 2021-06-29...
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor’s position is that tf.keras.utils.get_file is not intended for untrusted...
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the...
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. Date published : 2021-06-29 https://github.com/istio/istio/releases https://istio.io/latest/news/security/istio-security-2021-007
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor Date published : 2021-06-29...
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm...