CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

Double free

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVE-2022-28738

Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2 contains a double-free in the Regexp compiler when compiling a Regexp from untrusted user input, potentially allowing memory corruption. The issue is fixed in Ruby 3.0.4 and 3.1.2+; affected releases include Ruby 3.x up to those pre-fix versions. Sever...

Huawei EulerOS: Security Advisory for libsepol (EulerOS-SA-2022-1672)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.04 / MAIN 5.04 : gcc Multiple Vulnerabilities (NS-SA-2022-0019)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gcc packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service Fortran application crash...

CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

EulerOS Virtualization 3.0.2.0 : libsepol (EulerOS-SA-2022-1672)

According to the versions of the libsepol packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and...

EulerOS Virtualization 2.9.0 : mozjs60 (EulerOS-SA-2022-1632)

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that wi...

Huawei EulerOS: Security Advisory for mozjs60 (EulerOS-SA-2022-1632)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.1 : binutils (EulerOS-SA-2022-1603)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reorderi...

Chainlink latestAnswer has been deprecated

Lines of code PriceOracleImplementation.solL29-L31 Vulnerability details Impact latestAnswer function is deprecated. This function does not revert if no answer has been reached but returns zero. There is no check for stale price and round completeness. Price can be stale and lead to wrong return...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : libsepol vulnerabilities (USN-5391-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5391-1 advisory. Nicolas Iooss discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this iss...

curl: --libcurl code injection via trigraphs

Summary: curl command --libcurl option can be tricked to generate C code that when compiled contains arbitrary code execution. Steps To Reproduce: 1. curl --libcurl client.c --user-agent "??/";char c='i','d',' ','','x',0,m='r',0;fclosepopenc,m;//" http://example.invalid 2. gcc -trigraphs client.c...

EulerOS 2.0 SP9 : mozjs60 (EulerOS-SA-2022-1431)

According to the versions of the mozjs60 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effor...

EulerOS 2.0 SP9 : mozjs60 (EulerOS-SA-2022-1452)

According to the versions of the mozjs60 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effor...

EulerOS Virtualization 2.10.1 : libsepol (EulerOS-SA-2022-1379)

According to the versions of the libsepol package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and...

PYSEC-2022-43153

Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3code.c called indirectly from CompileBranchTable in m3compile.c...

Slackware Linux 15.0 / current ruby Multiple Vulnerabilities (SSA:2022-103-01)

The version of ruby installed on the remote host is prior to 3.0.4 / 3.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-103-01 advisory. - There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It...

Design/Logic Flaw

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in...