ruby: Buffer overrun in String-to-Float conversion
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...
openssl: OPENSSL_LH_flush() breaks reuse of memory
A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability...
CVE-2022-2819
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211...
mariadb: crash when using HAVING with IS NULL predicate in an equality
A flaw was found in the MariaDB Server. It contains a segmentation fault via the component sql/item_cmpfunc.h, impacting availability...
mariadb: server crash in Item_args::walk_args
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args...
mariadb: crash via component Item_subselect::init_expr_cache_tracker
A flaw was found in MariaDB. An issue in the component Item_subselect::init_expr_cache_tracker of the MariaDB Server allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, impacting availability...
golang: path/filepath: stack exhaustion in Glob
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This can allow an attacker to impact availability...
[SECURITY] Fedora 36 Update: meshbird-2.3-7.fc36
Distributed private networking...
mariadb: server crash at Field::set_default via specially crafted SQL statements
A flaw was found in MariaDB. The component Field::set_default allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...
mariadb: assertion failure in Item_args::walk_arg
A use-after-free flaw was found in MariaDB. The MariaDB Server contains a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements, affecting availability...
mysql: C API unspecified vulnerability (CPU Oct 2022)
Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' TAR...
pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath function of the pcre2_jit_compile.c file. This involves a Unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in...
vim: buffer over-read in function find_next_quote
A flaw was found in vim, where it is vulnerable to a buffer over-read in the find_next_quote function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim...
nodejs: Incorrect handling of certificate subject and issuer fields
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
CVE-2022-33067
Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...