
3386 matches found

Mageia
added 2022/12/17 6:48 p.m. · 44 views

Updated golang packages fix security vulnerability

net/http: limit canonical header cache by bytes, not entries bsc1206135 CVE-2022-41717...

CVSS 5.3 · AI score 7.1 · EPSS 0.05623
Exploits: 0 · References: 5
OSV
added 2022/12/12 10:32 p.m. · 2 views

USN-5775-1 vim vulnerabilities

It was discovered that Vim uses freed memory in recursive substitution of specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2345) It was discovered that Vim makes illegal memory calls when patterns start with an illegal byte. An...

CVSS 7.8 · AI score 6 · EPSS 0.00996
Exploits: 5 · References: 7
OSV
added 2022/12/08 4:15 p.m. · 2 views

CVE-2022-41802

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are copied to user space incorrectly and leaked...

CVSS 3.3 · AI score 5.8 · EPSS 0.00183
Exploits: 0 · References: 1
Akamai Blog
added 2022/11/18 2:0 p.m. · 12 views

Akamai Is Delighted to Partner with Teneo and Bytes Software Services

Akamai’s partnerships with Teneo and Bytes Software Solutions help us to adapt, grow, and innovate in an ever-changing landscape...

AI score 1.8
Exploits: 0
Akamai Blog
added 2022/11/18 2:0 p.m. · 6 views

Akamai Is Delighted to Partner with Teneo and Bytes Software Services

Akamai’s partnerships with Teneo and Bytes Software Solutions help us to adapt, grow, and innovate in an ever-changing landscape...

AI score 7
Exploits: 0
Positive Technologies
added 2022/11/18 12:0 a.m. · 3 views

PT-2022-36774 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow WRITE 7 crash type. The crash state involves several functions: bytes copy rectangle zero padding, cmd put...

AI score 6.9
Exploits: 0 · References: 2
RedHat Linux
added 2022/11/15 11:55 a.m. · 1 views

kernel: ALSA: oss: Fix PCM OSS buffer allocation overflow

In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow. We've got syzbot reports hitting INT_MAX overflow at vmalloc allocation that is called from snd_pcm_plug_alloc. Although we apply the restrictions to input parameters, it's based only...

CVSS 7.8 · AI score 6.5 · EPSS 0.00263
Exploits: 0 · References: 5
RedHat Linux
added 2022/11/15 11:55 a.m. · 2 views

kernel: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes. We have sanity checks for byte controls and if any of them fail the locally allocated scontrol->ipc_control_data is freed up, but not set to NULL. On a...

CVSS 7.8 · AI score 6.4 · EPSS 0.00162
Exploits: 0 · References: 5
Veracode
added 2022/11/12 11:21 a.m. · 22 views

Buffer Over Read

wolfSSL is vulnerable to buffer over-reads. The vulnerability exists if callback functions are enabled via the WOLFSSL_CALLBACKS flag, which allows an attacker to trigger a buffer over-read on the heap of 5 bytes...

CVSS 9.1 · AI score 8.9 · EPSS 0.01959
Exploits: 2 · References: 7 · Affected Software: 1
RedHat Linux
added 2022/11/08 9:32 a.m. · 1 views

kernel: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes. We have sanity checks for byte controls and if any of them fail the locally allocated scontrol->ipc_control_data is freed up, but not set to NULL. On a...

CVSS 7.8 · AI score 6.4 · EPSS 0.00162
Exploits: 0 · References: 5
Snyk
added 2022/11/03 10:15 a.m. · 2 views

Denial of Service (DoS)

Overview: apple/swift-nio-extras is useful code around SwiftNIO. Affected versions of this package are vulnerable to Denial of Service (DoS). When using the .size decompression limit, request & response decompression checks the size of compressed instead of decompressed bytes. Details: Denial of...

CVSS 7.5 · AI score 7 · EPSS 0.01008
Exploits: 0 · References: 2
Snyk
added 2022/11/01 11:55 p.m. · 3 views

Improper Neutralization of Null Byte or NUL Character

Overview: std/syscall is a Go standard library package. Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...

CVSS 7.5 · AI score 5.1 · EPSS 0.00778
Exploits: 0 · References: 3
OSV
added 2022/10/07 5:15 a.m. · 1 views

DEBIAN-CVE-2022-2929

In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory...

CVSS 6.5 · AI score 6.8 · EPSS 0.00625
Exploits: 0 · References: 1
RedHat Linux
added 2022/10/06 12:26 p.m. · 0 views

node-forge: Signature verification failing to check trailing garbage bytes can lead to signature forgery

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

CVSS 7.5 · AI score 7.3 · EPSS 0.01015
Exploits: 0 · References: 5
RedHat Linux
added 2022/10/05 10:44 a.m. · 0 views

node-forge: Signature verification failing to check trailing garbage bytes can lead to signature forgery

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

CVSS 7.5 · AI score 7.3 · EPSS 0.01015
Exploits: 0 · References: 5
OSV
added 2022/09/30 4:15 a.m. · 2 views

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

CVSS 9.8 · AI score 5.8 · EPSS 0.0074
Exploits: 0 · References: 1
NVD
added 2022/09/30 4:15 a.m. · 10 views

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

CVSS 9.8 · EPSS 0.0074
Exploits: 0 · References: 1
Prion
added 2022/09/30 4:15 a.m. · 22 views

Design/Logic Flaw

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

CVSS 7.5 · AI score 9.4 · EPSS 0.0074
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2022/09/30 12:0 a.m. · 61 views

CVE-2022-2778

CVE-2022-2778 affects Octopus Deploy. The connected documents describe a vulnerability that allows bypassing login rate limiting by using null bytes, enabling potential repeated login attempts without proper throttling. The description consistently ties this to Octopus Deploy implementations and ...

CVSS 9.8 · AI score 9.3 · EPSS 0.0074
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/09/30 12:0 a.m. · 3 views

PT-2022-18578 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy (affected versions not specified). Description: The issue allows bypassing rate limiting on login using null bytes. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 9.8 · AI score 9.3 · EPSS 0.0074
Exploits: 0 · References: 2