SUSE CVE-2025-0838

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve, and rehash methods of absl::flat,nodehashset,map did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer...

CVE-2023-52066

http.zig commit 76cf5 was discovered to contain a CRLF injection vulnerability via the url parameter...

CVE-2024-24157

Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting XSS via board.py...

ITFlow Cross-Site Request Forgery Vulnerability

ITFlow is ITFlow open source ERP software for customer IT documentation, ticketing and billing. A cross-site request forgery vulnerability exists in versions prior to ITFlow commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378. An attacker could exploit this vulnerability to change system settings...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1 and dev commit 622698d7847, which stems fr...

UBUNTU-CVE-2023-48237

Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This...

SUSE CVE-2023-5441

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960...

DEBIAN-CVE-2023-5197

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free. We recommend upgrading past commit...

Composer allows cache poisoning from other projects built on the same host

Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist...

UBUNTU-CVE-2023-4015

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nftimmediatedeactivate can lead unbinding the chain and objects be deactivate...

UBUNTU-CVE-2023-25399

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in PyFindObjects function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly...

CVE-2023-3294

Cross-site Scripting XSS - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...

AZL-26953 CVE-2023-0459 affecting package kernel for versions less than 5.15.116.1-1

Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond...

PT-2023-22710 · Hermes · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit da8990f737ebb9d9810633502f65ed462b819c09 Description: A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled could have been used by an attacker to achieve remot...

UBUNTU-CVE-2023-0458

A speculative pointer dereference problem exists in the Linux Kernel on the doprlimit function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or...

FreeBSD-SA-23:02.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:02.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication double free Category: contrib Module: openssh Announced: 2023-02-16...

UBUNTU-CVE-2023-0266

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past...

PT-2022-37402 · Wasm3 · Wasm3

Name of the Vulnerable Software and Affected Versions: wasm3 version prior to the commit after 7890a2097569fde845881e0b352d813573e371f9 Description: A segmentation fault was discovered in the op CallIndirect component at the /m3 exec.h location. Recommendations: For versions prior to the commit...

GHSA-GMWP-3PWC-3J3G mockery is vulnerable to prototype pollution

Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js...

SWFMill 缓冲区错误漏洞

SWFMill is a tool for working with Adobe Flash SWF files by Daniel Cassidy, a personal developer in the UK. A security vulnerability exists in SWFMill commit number: 53d7690 that stems from a heap buffer overflow in its SWF::Writer::writeByteunsigned char function...