奇安信CodeSafe
奇安信CodeSafe
https://github.com/facebook/openbmc/blob/9d57980189e52b79f365cb58214f1b23dbd63813/meta-facebook/meta-galaxy100/recipes-utils/mkeeprom/files/mkeeprom.c#L69
Stream is opened https://github.com/facebook/openbmc/blob/9d57980189e52b79f365cb58214f1b23dbd63813/common/recipes-core/fw-util/files/tpm.cpp#L34 ‘fp’ never closed https://github.com/facebook/openbmc/blob/9d57980189e52b79f365cb58214f1b23dbd63813/common/recipes-core/fw-util/files/tpm.cpp#L44
Memory is allocated https://github.com/facebook/openbmc/blob/9d57980189e52b79f365cb58214f1b23dbd63813/common/recipes-utils/cpldupdate/files/ispvm_ui.c#L296 but at the end of function,never free it
https://github.com/facebook/openbmc/blob/9d57980189e52b79f365cb58214f1b23dbd63813/meta-facebook/meta-galaxy100/recipes-utils/mkeeprom/files/mkeeprom.c#L69
co_hook_sys_call.cpp 231行可能导致空指针解引用 230: rpchook_t *lp = alloc_by_fd( fd ); //定义如下:可能返回NULL 231: lp->domain = domain;//导致空指针解引用 static inline rpchook_t * alloc_by_fd( int fd ) { if( fd > -1 && fd <...
We found a problem about Privacy Violation in tcf-master/tcfl/ttb_client.py  Mishandling private information, can compromise user privacy and is often illegal.Privacy is a priority when privacy conflicts with other issues.
https://github.com/yahoo/parsec/blob/564f47f6e4dc23599895883041106f06da11c17f/parsec-gradle-plugin/src/main/java/com/yahoo/parsec/gradle/utils/FileUtils.java#L180-L183 Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.
https://github.com/yahoo/parsec/blob/564f47f6e4dc23599895883041106f06da11c17f/parsec-gradle-plugin/src/main/java/com/yahoo/parsec/gradle/utils/FileUtils.java#L210 The program can potentially fail to release a system resource.
https://github.com/amzn/amazon-pay-sdk-java/blob/9b0bf0ff293dd24585aabf8e25b01d016e6620d8/src/com/amazon/pay/impl/Util.java#L191 Converting a byte array into a String may lead to data loss.
https://github.com/amzn/fire-app-builder/blob/0d940f11151d30a91b49488941ac2a48be6abd7b/Utils/build.gradle#L71 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2019-14379 Recommended upgrade version:2..3