565 matches found
CVE-2022-45935
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
CVE-2022-45935 Apache James server: Temporary File Information Disclosure
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
PT-2023-14802 · Apache · Apache James Server
Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.2 and prior versions Description: The issue allows an attacker with local access to access private user data in transit due to the usage of temporary files with insecure permissions by the Apache James server...
PT-2022-35192 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.15.68 through 5.15.76 Description: The issue is related to the skb_append_pagefrags function in the Linux Kernel, where it does not properly sense the pfmemalloc status. This could potentially lead to security...
The vulnerability of the `append_to_verify_fifo_interleaved_` function in the `streamencoder.c` component of the FLAC audio codec allows a hacker to gain access to confidential data.
The vulnerability of the `append_to_verify_fifo_interleaved_` function in the `streamencoder.c` component of the FLAC audio encoder is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data...
Denial Of Service (DoS)
Asterisk is vulnerable to denial of service. The vulnerability exists because an append operation is allowed relative to the active topology, which allows an attacker to trigger a crash by sending an m=image line and zero port in a response...
PT-2022-34245 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211 Description: A potential issue exists where ext4_append may not always allocate a new block. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel version...
PT-2022-33795 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61 Description: A potential issue exists where ext4_append may not always allocate a new block. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel version...
PT-2022-33432 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue is related to the ext4 file system, specifically with the ext4_append function. It is noted that this function should always allocate a new block. The actual impact and potential f...
CVE-2021-46837
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrenc...
Multiple storage slot collisions between versions - due to different order in declaration
Lines of code Vulnerability details Impact If we list the sequence of how variables receive slots, we will see the failure to follow the "append-only" principle. Many variables added "in-between" in the V2 version can read/write wrong slots. Proof of Concept Here is the table/list of variables, built taking...
CLSA-2022-1657813374 Fix CVE(s): CVE-2022-2182, CVE-2022-2183, CVE-2022-2210, CVE-2022-2207
SECURITY UPDATE: Heap-based buffer overflow in function utf_ptr2char - debian/patches/CVE-2022-2182.patch: When on line zero check the column is valid for line one in do_one_cmd function - CVE-2022-2182 SECURITY UPDATE: Out-of-bounds read in function get_lisp_indent - debian/patches/CVE-2022-2183.patc...
The vulnerability of the Vim text editor’s append command allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Vim text editor’s append command relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code by loading a specially created file...
OESA-2022-1656 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...
AZL-9737 CVE-2022-1616 affecting package vim for versions less than 8.2.4925-1
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
DEBIAN-CVE-2022-1616
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
UBUNTU-CVE-2022-1616
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2021-21914
A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Heap overflow
A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...