GSD-2022-1008307 capabilities: fix undefined behavior in bit shift for CAP_TO_MASK

capabilities: fix undefined behavior in bit shift for CAPTOMASK This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.300 by commit...

GSD-2022-1008256 net: mdio: fix undefined behavior in bit shift for __mdiobus_register

net: mdio: fix undefined behavior in bit shift for mdiobusregister This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.265 by commit...

PT-2022-36511 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.265 Description: The issue concerns undefined behavior in bit shift for mdiobus register in the Linux Kernel's MDIO module. The actual impact and attack plausibility have not yet been proven...

PT-2022-36095 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue concerns undefined behavior in bit shift for mdiobus register in the Linux Kernel's MDIO module. The actual impact and attack plausibility have not yet been proven. Recommendations:...

PT-2022-36336 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.25 through 5.10.154 Description: The issue concerns undefined behavior in bit shift for CAP TO MASK. It was introduced in version v2.6.25 and fixed in version v5.10.155. The actual impact and attack plausibility have...

PT-2022-36562 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.300 Description: The issue concerns undefined behavior in bit shift for CAP TO MASK. It was introduced in version v2.6.25 and fixed in version v4.14.300. The actual impact and attack plausibility have not...

PT-2022-37431 · Unknown · Parity-Util-Mem

Name of the Vulnerable Software and Affected Versions: parity-util-mem affected versions not specified Description: The issue concerns the use of a global allocator that may lead to undefined behavior UB. There is a warning related to its use. Recommendations: At the moment, there is no informati...

OESA-2022-2109 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR,WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images,...

MGASA-2022-0430 Updated vim packages fix security vulnerability

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVE-2022-2000, CVE-2022-2129, CVE-2022-2210 Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-2042 Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVE-2022-2124, CVE-2022-2175 Heap-based Buffer Overflow in...

EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-2748)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. CVE-2022-2571 - Undefined Behavior for Input to API in GitHub repository...

EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-2783)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. CVE-2022-2571 - Undefined Behavior for Input to API in GitHub repository...

PT-2022-35649 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: The issue is related to a UBSAN shift-out-of-bounds problem in the intel rapl component of powercap. The actual impact and potential for attack have not been proven yet. Recommendations: Fo...

EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-2703)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVE-2022-2257 - Use After Free in GitHub repository vim/vim prior to 9.0. CVE-2022-22...

EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-2671)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVE-2022-2257 - Use After Free in GitHub repository vim/vim prior to 9.0. CVE-2022-22...

EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2022-2615)

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, whe...

EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2022-2464)

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, whe...

Library exclusively intended to inject UB into safe Rust.

Quoting from the crate description: This crate is created purely to inject undefined behavior into stable, safe rust. Specifically, the inconceivable! macro is insta-UB if the ubinconceivable feature is enabled by any reverse dependency. The value this adds is questionable, and hides unsafe code...

RUSTSEC-2022-0058 Library exclusively intended to inject UB into safe Rust.

Quoting from the crate description: This crate is created purely to inject undefined behavior into stable, safe rust. Specifically, the inconceivable! macro is insta-UB if the ubinconceivable feature is enabled by any reverse dependency. The value this adds is questionable, and hides unsafe code...

PT-2022-37425 · Unknown · Inconceivable Crate

Name of the Vulnerable Software and Affected Versions: inconceivable crate affected versions not specified Description: The issue concerns the introduction of undefined behavior into stable, safe Rust through the inconceivable! macro when the ub inconceivable feature is enabled by any reverse...

GLSA-202209-13 : libaacplus: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202209-13 libaacplus: Denial of Service - auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have...