React Editable Json Tree 安全漏洞

React Editable Json Tree is a library by the individual developer Havrileck Alexandre. A security vulnerability exists in React Editable Json Tree versions prior to 2.2.2, which stems from the ability to parse and execute arbitrary code via the eval function...

PT-2022-28213 · Python · Xml.Etree.Elementtree

Name of the Vulnerable Software and Affected Versions: mofh versions prior to 1.0.1 Description: The issue affects the xml.etree.ElementTree module, making the application susceptible to denial-of-service attacks, specifically the Billion Laughs attack and the Quadratic blowup attack. These attac...

GSD-2022-1004871 xen/arm: Fix race in RB-tree based P2M accounting

xen/arm: Fix race in RB-tree based P2M accounting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.287 by commit...

GSD-2022-1004716 xen/arm: Fix race in RB-tree based P2M accounting

xen/arm: Fix race in RB-tree based P2M accounting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.204 by commit...

GSD-2022-1004595 xen/arm: Fix race in RB-tree based P2M accounting

xen/arm: Fix race in RB-tree based P2M accounting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.129 by commit...

GSD-2022-1004429 xen/arm: Fix race in RB-tree based P2M accounting

xen/arm: Fix race in RB-tree based P2M accounting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.53 by commit...

Fedora: Security Advisory for golang-github-a8m-tree (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-pelletier-toml-1.9.4-3.fc36

Go-toml provides the following features for using data parsed from TOML documents: - Load TOML documents from files and string data - Easily navigate TOML structure using Tree - Mashaling and unmarshaling to and from data structures - Line & column position data for all parsed elements - Query...

[SECURITY] Fedora 36 Update: golang-etcd-bbolt-1.3.6-5.fc36

Package Bbolt implements a low-level key/value store in pure Go. It supports fully serializable transactions, ACID semantics, and lock-free MVCC with multiple readers and a single writer. Bolt can be used for projects that want a simple data store without the need to add large dependencies such a...

PT-2022-6040 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.15 through 5.19 before 5.19.2 Description: The issue is related to an out-of-bounds read in the Linux kernel's ksmbd subsystem, specifically in the fs/ksmbd/smb2misc.c file. This occurs when handling the SMB2 TREE...

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held resulting in a small race window which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0 e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

...

Fedora: Security Advisory for golang-etcd-bbolt (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-a8m-tree (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-etcd-bbolt-1.3.6-4.fc35

Package Bbolt implements a low-level key/value store in pure Go. It supports fully serializable transactions, ACID semantics, and lock-free MVCC with multiple readers and a single writer. Bolt can be used for projects that want a simple data store without the need to add large dependencies such a...

[SECURITY] Fedora 35 Update: golang-github-a8m-tree-0-0.16.20210725gitce3525c.fc35

An implementation of the Unix tree command written in Go, that can be used programmatically...

Denial Of Service

Open policy agent is vulnerable to Denial of Service. An attacker is able to crash the system via a maliciously crafted inputs via the abstract systax tree parser in ast/compile.go...

Fedora: Security Advisory for golang-github-a8m-tree (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

DEBIAN-CVE-2022-33744

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...

UBUNTU-CVE-2022-33744

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...

[SECURITY] Fedora 36 Update: golang-github-pelletier-toml-1.9.4-2.fc36

Go-toml provides the following features for using data parsed from TOML documents: - Load TOML documents from files and string data - Easily navigate TOML structure using Tree - Mashaling and unmarshaling to and from data structures - Line & column position data for all parsed elements - Query...