
1390 matches found

SUSE CVE
added 2023/02/15 4:00 a.m. · 2 views

SUSE CVE-2020-9274

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existe...

CVSS 4.3 · AI score 7 · EPSS 0.05813
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 3:57 a.m. · 1 view

SUSE CVE-2020-15184

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...

CVSS 2.7 · AI score 7.5 · EPSS 0.01029
Exploits: 0 · References: 13
SUSE CVE
added 2023/02/15 3:54 a.m. · 4 views

SUSE CVE-2020-24303

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource...

CVSS 5.4 · AI score 7.3 · EPSS 0.01823
Exploits: 0 · References: 9
SUSE CVE
added 2023/02/15 3:48 a.m. · 2 views

SUSE CVE-2021-3800

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition...

CVSS 4.7 · AI score 8.7 · EPSS 0.00531
Exploits: 1 · References: 4
SUSE CVE
added 2023/02/15 3:26 a.m. · 2 views

SUSE CVE-2022-28285

When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

CVSS 6.1 · AI score 9 · EPSS 0.00752
Exploits: 1 · References: 9
SUSE CVE
added 2023/02/15 3:24 a.m. · 2 views

SUSE CVE-2022-37452

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set...

CVSS 9.8 · AI score 9.2 · EPSS 0.0292
Exploits: 1 · References: 3
OSV
added 2023/02/14 10:43 p.m. · 2 views

MGASA-2023-0049 Updated phpmyadmin packages fix security vulnerability

Security fix for an XSS vulnerability in the drag-and-drop upload functionality (PMASA-2023-01). Additional bugfixes including: issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick; issue 17519 Fix Export pages not working in certain conditions; issue 17121 Fix password_hash functio...

AI score 6.4
Exploits: 0 · References: 3
Positive Technologies
added 2023/02/14 12:00 a.m. · 3 views

PT-2023-18784 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13; Splunk Enterprise versions prior to 8.2.10; Splunk Enterprise versions prior to 9.0.4. Description: The issue concerns aliases of the collect search processing language (SPL) command, including...

CVSS 6.3 · AI score 7.1 · EPSS 0.00429
Exploits: 0 · References: 5
Positive Technologies
added 2023/02/14 12:00 a.m. · 3 views

PT-2023-36335 · Unknown · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin (affected versions not specified). Description: The issue concerns a security fix for an XSS vulnerability in the drag-and-drop upload functionality. Additional bugfixes include resolving errors when configuring 2FA without XMLWriter ...

AI score 6.4
Exploits: 0 · References: 4
OSV
added 2023/02/13 5:32 p.m. · 6 views

GSD-2023-1002003 ASoC: Intel: sof-nau8825: fix module alias overflow

ASoC: Intel: sof-nau8825: fix module alias overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

AI score 7.2
Exploits: 0
Positive Technologies
added 2023/02/13 12:00 a.m. · 2 views

PT-2023-35079 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7. Description: The issue is related to a module alias overflow in the sof-nau8825 module of the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

AI score 7.5
Exploits: 0 · References: 1
Tenable Nessus
added 2023/02/08 12:00 a.m. · 21 views

EulerOS 2.0 SP8 : glib2 (EulerOS-SA-2023-1315)

According to the versions of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to...

CVSS 5.5 · AI score 6.6 · EPSS 0.00531
Exploits: 1 · References: 2
OSV
added 2023/01/31 3:42 p.m. · 9 views

GSD-2023-1001709 ASoC: Intel: sof-nau8825: fix module alias overflow

ASoC: Intel: sof-nau8825: fix module alias overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

AI score 7.2
Exploits: 0
Positive Technologies
added 2023/01/31 12:00 a.m. · 2 views

PT-2023-34785 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7. Description: The issue is related to a module alias overflow in the sof-nau8825 module of the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

AI score 7.5
Exploits: 0 · References: 1
RedHat Linux
added 2023/01/17 7:29 p.m. · 2 views

go-yaml: Denial of Service in go-yaml

A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

CVSS 5.5 · AI score 7.2 · EPSS 0.00415
Exploits: 1 · References: 7
Veracode
added 2022/12/30 10:49 a.m. · 22 views

Denial Of Service (DoS)

github.com/go-yaml/yaml is vulnerable to denial of service. The vulnerability exists in multiple functions of decode.go due to unbounded alias chasing which allows an attacker to cause an application crash via malicious input...

CVSS 5.5 · AI score 3.6 · EPSS 0.00415
Exploits: 1 · References: 6 · Affected Software: 2
OSV
added 2022/12/28 12:30 a.m. · 33 views

GHSA-R88R-GMRH-7J83 YAML Go package vulnerable to denial of service

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

CVSS 5.5 · AI score 6 · EPSS 0.00415
Exploits: 1 · References: 6
NVD
added 2022/12/27 10:15 p.m. · 29 views

CVE-2021-4235

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

CVSS 5.5 · EPSS 0.00415
Exploits: 1 · References: 4
OSV
added 2022/12/27 10:15 p.m. · 2 views

AZL-43918 CVE-2021-4235 affecting package buildah 1.18.0-29

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

CVSS 5.5 · AI score 7.1 · EPSS 0.00415
Exploits: 1 · References: 1
OSV
added 2022/12/27 10:15 p.m. · 3 views

AZL-45360 CVE-2021-4235 affecting package buildah for versions less than 1.41.4-2

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

CVSS 5.5 · AI score 7.1 · EPSS 0.00415
Exploits: 1 · References: 1