pcre: Integer overflow when parsing callout numeric arguments

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a ?C substring...

pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash...

libjpeg-turbo: Stack-based buffer overflow in the "transform" component

A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. The highest threat from this vulnerability is to data...

CVE-2021-41227

TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation...

Mozilla: Use-after-free in HTTP2 Session object

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...

libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c

A flaw was found in libsolv. A buffer overflow vulnerability in the prunetorecommend function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability...

libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h

A flaw was found in libsolv. A buffer overflow vulnerability in the pooldisabledsolvable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability...

flatpak: Sandbox bypass via recent VFS-manipulating syscalls

A flaw was found in the flatpak package. It is susceptible to a software flaw that can deceive portals and other host-OS services into treating the flatpak app as an ordinary, non-sandboxed host-OS process. This flaw allows the escalation of privileges that the corresponding services presume the...

mysql: Server: DML unspecified vulnerability (CPU Jul 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

mysql: Server: DML unspecified vulnerability (CPU Jan 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server...

Mozilla: Use-after-free in MessageTask

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.15, Thunderbird 91.2, Firefox ESR 91.2, Firefox ESR 78.15, and Firefox 93...

CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via uploadlogdata...

ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

nodejs: Incomplete validation of tls rejectUnauthorized parameter

A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity...

keycloak: X509 Direct Grant Auth does not verify certificate timestamp validity

A flaw was found in keycloak. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity...

Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.14,...

nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions

A flaw was found in nodejs-lodash. A Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions is possible...

golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...