Design/Logic Flaw

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

GO-2022-0289 Misdirected I/O in syscall

When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec including indirectly by using the os/exec package, syscall.ForkExec can close file descriptor 0 as it fails. If this happens or can be provoked repeatedly, it can result in misdirected I/O such as...

ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information()

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2021-20225 affecting package grub2 for versions less than 2.06~rc1-7

CVE-2021-20225 affecting package grub2 for versions less than 2.06rc1-7. A patched version of the package is available...

CVE-2019-12749 affecting package dbus for versions less than 1.13.6-9

CVE-2019-12749 affecting package dbus for versions less than 1.13.6-9. A patched version of the package is available...

Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities

A simple tool to audit Unix/BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo python3 -m pip install -r requirements.txt Overview: vulnerabilities on local libraries by CoolerVoid Example: $ python3 masterlibrarian.py -t csv $ python3...

shescape Information Disclosure Vulnerability

shescape is an open source package of simple shell escaping programs for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. shescape versions 1.4.0 through 1.5.1 are vulnerable to an information disclosure vulnerability that stems from using the escap...

Info-ZIP UnZip 安全漏洞

Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" file formats developed by Greg Roelofs. unzip is vulnerable to a buffer overflow vulnerability that results from the conversion of utf-8 strings to native strings resulting in a segmentation error. An attacker could exploit this...

[SECURITY] Fedora 34 Update: flatpak-builder-1.2.2-1.fc34

Flatpak-builder is a tool for building flatpaks from sources. See http://flatpak.org/ for more information...

CVE-2021-23566

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...

Mozilla: Crash when handling empty pkcs7 sequence

The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable...

CVE-2022-0156

vim is vulnerable to Use After Free...

CVE-2022-0080

mruby is vulnerable to Heap-based Buffer Overflow...

Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

CVE-2021-42374

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that...

CVE-2021-41103 vulnerabilities

Vulnerabilities for packages: ctop...

CVE-2021-30607

Chromium: CVE-2021-30607 Use after free in Permissions...

libwebp: heap-based buffer overflow in PutLE16()

A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

EulerOS 2.0 SP3 : junit (EulerOS-SA-2021-1807)

According to the version of the junit package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like...