
10 matches found

GitHub Security Blog
added 2026/04/24 3:57 p.m. | 6 views

Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Summary: An integer overflow in Grid::expand_rows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke get_unchecked with an invalid index, resulting in Undefined Behavior. Details: Tested...

6.2 CVSS | 5.3 AI score | 0.00015 EPSS
Exploits 0 | References 5 | Affected Software 1

Positive Technologies
added 2026/04/24 12:00 a.m. | 5 views

PT-2026-37174

Name of the Vulnerable Software and Affected Versions: Grid versions 0.17.0 through 1.0.0. Description: An integer overflow in the expand_rows function can corrupt the relationship between the grid's logical dimensions and its backing storage. This occurs because the function computes the new backin...

6.2 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits 0 | References 7

Positive Technologies
added 2026/02/03 12:00 a.m. | 1 views

PT-2026-6538

In the unique reclaim path of BytesMut::reserve, the condition "if v_capacity >= new_cap + offset" uses an unchecked addition. When new_cap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated...

5.5 AI score
Exploits 0 | References 4

Tenable Nessus
added 2023/02/22 12:00 a.m. | 16 views

Fedora 37 : apptainer (2023-01ff262091)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-01ff262091 advisory. Update to upstream 1.1.6. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

7.6 CVSS | 5.6 AI score | 0.00365 EPSS
Exploits 0 | References 2

OSV
added 2023/01/20 10:38 p.m. | 26 views

GHSA-7P8M-22H4-9PJ7 scs-library-client may leak user credentials to third-party service via HTTP redirect

Impact: When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the...

5.2 CVSS | 6.2 AI score | 0.00365 EPSS
Exploits 0 | References 7

NVD
added 2023/01/17 9:15 p.m. | 11 views

CVE-2022-23538

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

7.6 CVSS | 6.2 AI score | 0.00365 EPSS
Exploits 0 | References 4

OSV
added 2020/04/08 3:15 p.m. | 1 views

CVE-2018-21086

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018)...

8.1 CVSS | 5.8 AI score | 0.00114 EPSS
Exploits 0 | References 1

OSV
added 2020/04/08 3:15 p.m. | 0 views

CVE-2018-21085

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018)...

8.1 CVSS | 5.8 AI score
Exploits 0 | References 1

OSV
added 2017/03/16 3:59 p.m. | 0 views

DEBIAN-CVE-2017-5857

Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehan...

6.5 CVSS | 6.7 AI score | 0.00074 EPSS
Exploits 0 | References 1

UbuntuCve
added 2017/03/16 12:00 a.m. | 20 views

CVE-2017-5857

Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehan...

6.5 CVSS | 6.8 AI score | 0.00074 EPSS
Exploits 0 | References 4