Lucene search

347 matches found

OSV
added 2023/05/26 6:15 p.m. | 27 views

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the pki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

CVSS 6.5 | AI score 7.2 | EPSS 0.00175
Exploits: 2 | References: 8
Code423n4
added 2023/05/22 12:0 a.m. | 8 views

Delegate uses incorrect parameter for the token amount

Lines of code Vulnerability details Delegate uses incorrect parameter for the token amount The delegate implementation uses the incorrect "amount" parameter from the JBDidPayData struct that is sent to the didPay function. Impact The implementation of the pay function in the terminal builds the...

AI score 6.8
Exploits: 0
Cvelist
added 2023/05/08 4:3 p.m. | 13 views

CVE-2023-30837 Vyper storage allocator overflow

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...

CVSS 7.5 | AI score 7.6 | EPSS 0.00249
Exploits: 1 | References: 2
OpenVAS
added 2023/03/20 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1524)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 7.1 | EPSS 0.00331
Exploits: 0 | References: 2
CVE
added 2023/03/02 6:37 p.m. | 57 views

CVE-2023-26470

Summary: CVE-2023-26470 affects XWiki Platform, where saving a document with an extremely large object number can trigger uncontrolled resource consumption, often exhausting memory and making the system unusable. This behavior is documented across multiple sources, including the NVD entry and XWi...

CVSS 7.5 | AI score 6.3 | EPSS 0.00539
Exploits: 1 | References: 5 | Affected Software: 1
F5 Networks
added 2023/02/21 6:53 p.m. | 43 views

K62318311: glibc vulnerability CVE-2017-17426

Security Advisory Description The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the...

CVSS 8.1 | AI score 8.9 | EPSS 0.00358
Exploits: 1
OSV
added 2023/02/13 5:31 p.m. | 7 views

GSD-2023-1001985 io_uring/io-wq: only free worker if it was allocated for creation

io_uring/io-wq: only free worker if it was allocated for creation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

AI score 7.3
Exploits: 0
Github Security Blog
added 2023/02/10 11:11 p.m. | 21 views

Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system

Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this...

CVSS 9.6 | AI score 7.8 | EPSS 0.00775
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2023/01/17 5:42 p.m. | 7 views

GSD-2023-1000473 fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init()

fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.17 by commit...

AI score 7.2
Exploits: 0
OSV
added 2023/01/17 5:42 p.m. | 5 views

GSD-2023-1000471 fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super()

fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.17 by commit...

AI score 7.2
Exploits: 0
OpenVAS
added 2023/01/12 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2023:0075-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.9 | EPSS 0.01941
Exploits: 2 | References: 2
OSV
added 2022/12/08 3:24 a.m. | 7 views

GSD-2022-1008270 nfs4: Fix kmemleak when allocate slot failed

nfs4: Fix kmemleak when allocate slot failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.265 by commit...

AI score 7.2
Exploits: 0
OSV
added 2022/12/08 3:13 a.m. | 7 views

GSD-2022-1008178 net: gso: fix panic on frag_list with mixed head alloc types

net: gso: fix panic on frag_list with mixed head alloc types This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.225 by commit...

AI score 7.2
Exploits: 0
OSV
added 2022/12/08 2:40 a.m. | 8 views

GSD-2022-1007862 nfs4: Fix kmemleak when allocate slot failed

nfs4: Fix kmemleak when allocate slot failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit...

AI score 7.2
Exploits: 0
RedHat Linux
added 2022/11/15 11:55 a.m. | 1 views

kernel: ext4: fix bug_on in ext4_writepages

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages we got issue as follows: EXT4-fs error device loop0: ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------ cut here ------------ kernel...

CVSS 5.5 | AI score 6.3 | EPSS 0.00005
Exploits: 0 | References: 5
CVE
added 2022/10/21 6:5 p.m. | 50 views

CVE-2022-34439

Dell PowerScale OneFS (versions 8.2.0.x through 9.4.0.x) is affected by a vulnerability where resources are allocated without limits or throttling. This allows a remote unauthenticated attacker to cause denial of service and degraded performance on the affected node. The issue is tied to improper...

CVSS 7.5 | AI score 7.5 | EPSS 0.00794
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2022/10/19 1:18 p.m. | 91 views

CVE-2022-42928

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash...

CVSS 8.8 | AI score 2.6 | EPSS 0.00198
Exploits: 0 | References: 5
Veracode
added 2022/10/18 1:20 p.m. | 27 views

Heap Buffer Overflow

Psych is vulnerable to heap buffer overflow. The vulnerability is due to the start_document function in psych_emitter.c buffer head allocation based on the tags array length. This flaw allows an attacker to pass a specially constructed element of tags array object that can increase this array size...

CVSS 9.8 | AI score 2.9 | EPSS 0.13462
Exploits: 3 | References: 6 | Affected Software: 1
NVD
added 2022/10/14 12:15 p.m. | 10 views

CVE-2022-3439

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0...

CVSS 9.8 | EPSS 0.00509
Exploits: 0 | References: 2
CVE
added 2022/10/13 12:0 a.m. | 66 views

CVE-2022-3456

CVE-2022-3456 affects the rdiffweb project (ikus060/rdiffweb) prior to version 2.5.0. The root cause is Allocation of Resources Without Limits or Throttling, potentially enabling resource exhaustion and affecting availability. NVD metrics yield a CRITICAL base score (CVSS 3.1: 9.8, network attack...

CVSS 9.8 | AI score 7.4 | EPSS 0.00316
Exploits: 0 | References: 2 | Affected Software: 1