CVE-2019-16137
An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion.
Source: CVE-2019-16137
CVE-2019-16140
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.
Source: CVE-2019-16140
CVE-2019-16138
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
Source: CVE-2019-16138
CVE-2019-16142
An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.
Source: CVE-2019-16142
CVE-2019-16139
An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.
Source: CVE-2019-16139
CVE-2019-16141
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.
Source: CVE-2019-16141
CVE-2019-16133
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.
Source: CVE-2019-16133
CVE-2019-16130
YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html.
Source: CVE-2019-16130
CVE-2019-16131
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
Source: CVE-2019-16131
CVE-2019-16132
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring.
Source: CVE-2019-16132