AZL-10311 CVE-2022-30550 affecting package dovecot for versions less than 2.3.20-1

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead...

PT-2022-3492 · Dovecot +10 · Dovecot +10

Name of the Vulnerable Software and Affected Versions: Dovecot versions 2.2 through 2.3.19 Description: An issue in the auth component of Dovecot can lead to an unintended security configuration, permitting privilege escalation in certain configurations. This occurs when two passdb configuration...

UBUNTU-CVE-2022-32087

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Itemargs::walkargs...

Cross-site Scripting (XSS)

silverstripe/assets is vulnerable to cross-site scriptingXSS attacks. A remote attacker is able to inject and execute malicious javascript via the args parameter in regenerateshortcode function...

DEBIAN-CVE-2021-40942

In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filterparsedynargs function in filtercore/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service DOS...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0023)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges o...

CVE-2022-27376

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Itemargs::walkarg, which is exploited via specially crafted SQL statements...

UBUNTU-CVE-2022-27376

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Itemargs::walkarg, which is exploited via specially crafted SQL statements...

CVE-2022-21682

A path traversal vulnerability was found in Flatpak. This happens when flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the manifest, so running flatpak build against it will gain those permissions...

PYSEC-2021-808

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

OPENSUSE-SU-2021:1420-1 Security update for go1.16

This update for go1.16 fixes the following issues: Update to go1.16.9 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data bsc1191468 This update was imported from the SUSE:SLE-15:Update update project...

SUSE-SU-2021:3488-1 Security update for go1.17

This update for go1.17 fixes the following issues: Update to go1.17.2 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data bsc1191468...

kernel: powerpc: KVM guest OS users can cause host OS memory corruption

A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtasargs.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

ai.stainless:grails-tika (=0.1.0), android.arch.navigation:navigation-safe-args-gradle-plugin (>=1.0.0 <=1.0.0-rc02) +2559 more potentially affected by CVE-2021-33813 via org.jdom:jdom2 (>=2.0.3 <=2.0.6)

org.jdom:jdom2 MAVEN version =2.0.3, =1.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.1.0, =1.2.0-alpha12, =1.0.0, =2.4.0, =2.4.0, =2.0.0, =1.0.0-alpha01, =1.0...

DEBIAN-CVE-2021-37576

arch/powerpc/kvm/book3srtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtasargs.nargs, aka CID-f62f3c20647e...

Information Disclosure

ansible is vulnerable to information disclosure. The moduleargs is not censored properly when using the check mode with -vvv on the CLI and causes confidential data to be exposed and read...

DEBIAN-CVE-2020-14332

A flaw was found in the Ansible Engine when using moduleargs. Tasks executed with check mode --check-mode do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality...

PT-2020-6577

Name of the Vulnerable Software and Affected Versions Ansible Engine affected versions not specified Description A flaw was found in the Ansible Engine when using module args. Tasks executed with check mode --check-mode do not properly neutralize sensitive data exposed in the event data. This fla...

OSV-2020-240 UNKNOWN READ in perfetto::trace_processor::TraceStorage::GetIdForVariadicType

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19999 Crash type: UNKNOWN READ Crash state: perfetto::traceprocessor::TraceStorage::GetIdForVariadicType perfetto::traceprocessor::GlobalArgsTracker::AddArgSet perfetto::traceprocessor::ArgsTracker::Flush...

libfmt:fuzzer_named_arg: Stack-buffer-underflow in fmt::v6::basic_format_args<fmt::v6::basic_format_context<std::__1::back_insert_i

Detailed Report: https://oss-fuzz.com/testcase?key=5747676286287872 Project: libfmt Fuzzing Engine: libFuzzer Fuzz Target: fuzzernamedarg Job Type: libfuzzerasanlibfmt Platform Id: linux Crash Type: Stack-buffer-underflow READ 16 Crash Address: 0x7f200d9a6110 Crash State:...