525 matches found
kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
A double-free flaw was found in the Linux kernel in the emsusbstartxmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once...
golang: path/filepath: stack exhaustion in Glob
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...
Moderate: Red Hat Security Advisory: lua security update
An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
bind: memory leaks in EdDSA DNSSEC verification code
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
[SECURITY] Fedora 37 Update: python3.10-3.10.7-1.fc37
Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...
mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
A flaw was found in the MariaDB Server. It contains a use-after-free in the component, VDec::VDec at /sql/sqltype.cc, affecting availability...
mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Itemfuncin::cleanup/Item::cleanupprocessor...
mariadb: server crash at Field::set_default via specially crafted SQL statements
A flaw was found in MariaDB. The component, Field::setdefault, allows attackers to cause a denial of service DoS via specially crafted SQL statements, affecting availability...
mariadb: server crash in component arg_comparator::compare_real_fixed
A flaw was found in MariaDB. The component, Argcomparator::comparerealfixed, allows attackers to cause a denial of service DoS via specially crafted SQL statements, affecting availability...
[SECURITY] Fedora 35 Update: aquatone-1.7.0-7.fc35
A Tool for Domain Flyovers...
postgresql-jdbc: Arbitrary File Write Vulnerability
A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or serv...
[SECURITY] Fedora 36 Update: golang-k8s-kube-aggregator-1.22.0-3.fc36
Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy...
CVE-2022-30294
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
expat: Integer overflow in storeAtts in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
kernel: out of bounds write in hid-multitouch.c may lead to escalation of privilege
A flaw was found in the Linux kernel’s multi-touch input system. An out-of-bounds write triggered by a use-after-free issue could lead to memory corruption or possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
[SECURITY] Fedora 34 Update: rust-tokei-12.0.4-11.fc34
Utility that allows you to count code, quickly...
CVE-2022-21296
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...