
3386 matches found

OpenVAS
added 2022/07/18 12:00 a.m. · 20 views

SUSE: Security Advisory (SUSE-SU-2022:2417-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.1 · AI score 7.5 · EPSS 0.76906
Exploits 3 · References 2

Fedora
added 2022/07/17 1:16 a.m. · 24 views

[SECURITY] Fedora 35 Update: golang-github-vbatts-tar-split-0.11.1-10.fc35

Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive...

CVSS 9.3 · AI score 8 · EPSS 0.05994
Exploits 4

OSV
added 2022/07/05 11:15 a.m. · 1 view

ALPINE-CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

CVSS 5.3 · AI score 6.8 · EPSS 0.02024
Exploits 0 · References 1

OSV
added 2022/07/05 11:15 a.m. · 2 views

DEBIAN-CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

CVSS 5.3 · AI score 6.5 · EPSS 0.02024
Exploits 0 · References 1

CNNVD
added 2022/07/05 12:00 a.m. · 4 views

OpenSSL cryptographic issue vulnerability

OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 5.3 · AI score 7 · EPSS 0.02024
Exploits 0 · References 59

Fedora
added 2022/07/04 1:35 a.m. · 29 views

[SECURITY] Fedora 36 Update: golang-github-vbatts-tar-split-0.11.1-10.fc36

Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive...

CVSS 9.3 · AI score 8 · EPSS 0.05994
Exploits 4

GitHub Security Blog
added 2022/06/16 11:38 p.m. · 16 views

`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`

Affected versions of this crate pass an uninitialized buffer to a user-provided `Read` implementation. Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the buffer. Reading from uninitialized memory...

AI score 6.8
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2022/05/24 5:48 a.m. · 38 views

Heap-based Buffer Overflow

tensorflow is vulnerable to heap-based buffer overflow. The use of AllocatedBytes in the insecure hash function AbslHashValue allows local authenticated attackers to cause heap-based buffer overflows resulting in denial of service conditions...

CVSS 5.5 · AI score 5.6 · EPSS 0.00225
Exploits 0 · References 9 · Affected Software 3

OSV
added 2022/05/23 5:53 p.m. · 5 views

CLSA-2022-1653328424 Fixed CVEs in vim: CVE-2022-1616, CVE-2022-1621, CVE-2022-1620, CVE-2022-1629, CVE-2022-1619

CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalid regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...

CVSS 7.8 · AI score 7.3 · EPSS 0.02615
Exploits 5 · References 1

OSV
added 2022/05/23 11:16 a.m. · 11 views

CVE-2021-42586

A heap buffer overflow was discovered in copybytes in decoder2007.c in dwgread before 0.12.4 via a crafted dwg file...

CVSS 8.8 · AI score 7.3
Exploits 0 · References 1

CNNVD
added 2022/05/23 12:00 a.m. · 3 views

GNU LibreDWG buffer error vulnerability

GNU LibreDWG is a C library for processing DWG files from the GNU community. A heap buffer overflow vulnerability exists in versions of GNU LibreDWG prior to 0.12.4, which stems from a boundary error in copybytes of decoder2007.c when handling untrusted input. No detailed vulnerability details are...

CVSS 8.8 · AI score 5.9 · EPSS 0.00964
Exploits 1 · References 2

CNNVD
added 2022/05/23 12:00 a.m. · 2 views

GNU LibreDWG buffer error vulnerability

GNU LibreDWG is a C library for processing DWG files from the GNU community. A heap buffer overflow vulnerability exists in versions of GNU LibreDWG prior to 0.12.4, which stems from a boundary error in copycompressedbytes of decoder2007.c when handling untrusted input. No detailed vulnerability...

CVSS 8.8 · AI score 5.9 · EPSS 0.00953
Exploits 1 · References 2

OSV
added 2022/05/21 12:00 p.m. · 15 views

RUSTSEC-2022-0031 Panic due to improper UTF-8 indexing

When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...

CVSS 6.5 · AI score 6.4 · EPSS 0.00705
Exploits 0 · References 3

Debian CVE
added 2022/05/20 11:25 p.m. · 2 views

CVE-2022-29210

TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. int32_t). It also tried to access individual tensor bytes through...

CVSS 5.5 · AI score 6.8 · EPSS 0.00225
Exploits 0

OSV
added 2022/05/20 12:32 a.m. · 4 views

CLSA-2022-1653006752 Fixed CVEs in vim: CVE-2022-1620, CVE-2022-1616, CVE-2022-1629, CVE-2022-1621, CVE-2022-1619

CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalid regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...

CVSS 7.8 · AI score 7.1 · EPSS 0.02615
Exploits 5 · References 1

Positive Technologies
added 2022/05/20 12:00 a.m. · 4 views

PT-2022-19463 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.8.0. Description: The issue arises from the TensorKey hash function using total estimated AllocatedBytes, which is an estimate per tensor and a poor hash function for constants, such as int32_t. It also attempts to access...

CVSS 5.5 · AI score 5.3 · EPSS 0.00225
Exploits 0 · References 12

RedHat Linux
added 2022/05/10 2:13 p.m. · 4 views

postgresql: libpq processes unencrypted bytes from man-in-the-middle

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

CVSS 5.9 · AI score 7.3 · EPSS 0.01501
Exploits 0 · References 4

RedHat Linux
added 2022/05/10 1:24 p.m. · 3 views

ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of bytes_in_use value in MFT records

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 7.8 · AI score 6.8 · EPSS 0.00386
Exploits 0 · References 5

GitHub Security Blog
added 2022/04/20 8:31 p.m. · 44 views

Buffer Overflow in vyper

Impact: Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Patches: 0.3.2 as of https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b Workarounds: Use .vy...

CVSS 9.8 · AI score 2.2 · EPSS 0.0092
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/04/20 8:31 p.m. · 2 views

GHSA-4MRX-6FXM-8JPG Buffer Overflow in vyper

Impact: Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Patches: 0.3.2 as of https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b Workarounds: Use .vy...

CVSS 7.1 · AI score 7.4 · EPSS 0.0092
Exploits 0 · References 5