17 matches found

AlpineLinux
added 2026/01/07 10:30 p.m., 2 views

CVE-2025-69262

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

CVSS 7.8 | AI score 7.6 | EPSS 0.0008
Exploits: 1

Tenable Nessus
added 2024/09/12 12:0 a.m., 20 views

EulerOS 2.0 SP10 : orc (EulerOS-SA-2024-2449)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

CVSS 7 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/12 12:0 a.m., 11 views

EulerOS 2.0 SP9 : orc (EulerOS-SA-2024-2376)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

CVSS 7 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/12 12:0 a.m., 10 views

EulerOS 2.0 SP10 : orc (EulerOS-SA-2024-2426)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

CVSS 7 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 2

OSV
added 2024/09/10 4:40 p.m., 11 views

MGASA-2024-0288 Updated orc packages fix security vulnerability

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVSS 7 | AI score 6.6 | EPSS 0.00061
Exploits: 0 | References: 3

NVD
added 2024/07/26 6:15 a.m., 22 views

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVSS 7 | EPSS 0.00061
Exploits: 0 | References: 4

OSV
added 2024/07/26 6:15 a.m., 2 views

AZL-47122 CVE-2024-40897 affecting package orc for versions less than 0.4.39-2

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVSS 6.7 | AI score 7.7 | EPSS 0.00061
Exploits: 0 | References: 1

OSV
added 2024/07/26 6:15 a.m., 10 views

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVSS 6.7 | AI score 7.5
Exploits: 0 | References: 4

Cvelist
added 2024/07/26 6:3 a.m., 24 views

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

EPSS 0.00061
Exploits: 0 | References: 4

CVE
added 2024/07/26 6:3 a.m., 119 views

CVE-2024-40897

CVE-2024-40897 concerns the ORC library. A stack-based buffer overflow in orcparse.c affects ORC versions prior to 0.4.39, which could allow arbitrary code execution in a developer build environment when processing crafted files. The vulnerability primarily impacts developers and CI environments ...

CVSS 7 | AI score 7.7 | EPSS 0.00061
Exploits: 0 | References: 4 | Affected Software: 1

AlpineLinux
added 2024/07/26 6:3 a.m., 14 views

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVSS 7 | AI score 8.1 | EPSS 0.00061
Exploits: 0

Vulnrichment
added 2024/07/26 6:3 a.m., 23 views

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

AI score 7.7 | EPSS 0.00061
Exploits: 0 | References: 4

SUSE CVE
added 2024/07/23 2:16 a.m., 1 view

SUSE CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVSS 7 | AI score 7.7 | EPSS 0.00061
Exploits: 0 | References: 11

F5 Networks
added 2024/05/29 1:32 p.m., 36 views

K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760

Security Advisory Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. CVE-2024-32760. Note: This issue affects NGINX systems compiled with the...

CVSS 6.5 | AI score 7.2 | EPSS 0.00497
Exploits: 0 | Affected Software: 34

Fedora
added 2022/07/31 1:37 a.m., 14 views

[SECURITY] Fedora 36 Update: source-to-image-1.3.1-5.fc36

Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...

AI score 7.6
Exploits: 0

Fedora
added 2022/07/04 1:35 a.m., 14 views

[SECURITY] Fedora 36 Update: source-to-image-1.3.1-4.fc36

Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...

CVSS 9.3 | AI score 9 | EPSS 0.00963
Exploits: 4

vulnersOsv
added 2022/01/13 12:1 a.m., 0 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.cloudbees.jenkins.plugins:docker-custom-build-environment (>=1.2 <=1.7.3) +14 more potentially affected by CVE-2022-20617 via org.jenkins-ci.plugins:docker-commons (>=1.0 <=1.15)

org.jenkins-ci.plugins:docker-commons MAVEN version =1.0, =1.9.2-beta, =1.2, =1.0.43, =3.0.0, =1.0, =1.26, =1.0, =1.0, =1.0, =0.2, =0.1.5, =0.2.3 and more Source cves: CVE-2022-20617 Source advisory: OSV:GHSA-JPXJ-VGQ5-PRJC...

CVSS 8.8 | AI score 7.2 | EPSS 0.00744
Exploits: 0