AZL-27121 CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

AZL-37301 CVE-2023-29403 affecting package golang for versions less than 1.21.6-1

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

AZL-79002 CVE-2023-29403 affecting package golang 1.25.7-1

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

Incorrect Privilege Assignment

Overview std/runtime is a Go standard library package std/runtime Affected versions of this package are vulnerable to Incorrect Privilege Assignment. Go Vulnerability Report:On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be...

SUSE CVE-2023-29405

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...

SUSE CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

git: malicious placement of crafted messages when git was compiled with runtime prefix

A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the...

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

SUSE CVE-2023-31130

c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

SUSE CVE-2023-31722

There exists a heap buffer overflow in nasm 2.16.02rc1 GitHub commit: b952891...

Mozilla: Potential memory corruption in FileReader::DoReadData()

The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit...

Mozilla: Content process crash due to invalid wasm code

The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...

Mozilla: Potential memory corruption in FileReader::DoReadData()

The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

freerdp: missing length validation in urbdrc channel

An out-of-bound read vulnerability was discovered in FreeRDP due to improper input length validation in client/datatransfer.c in the urbdrc channel. A malicious server can trigger an out-of-bounds read by tricking a FreeRDP based client to read out-of-bound data and send it back to the server...

freerdp: clients using the `/video` command line switch might read uninitialized data

A vulnerability was found in FreeRDP where all clients using the /video command line switch might read uninitialized data, decode it as audio/video and display the result, leading to information disclosure...