SUSE CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
SUSE CVE-2020-35531
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file...
GitHub: Rogue collaborators and ambiguous branch names in GitHub
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling. This affected all versions prior to 3.9 and was fixed in later versions...
Prototype Pollution
deep-object-diff is vulnerable to prototype pollution. The library improperly validates the incoming JSON keys, which allows a remote attacker to edit or add new properties to an object through the __proto__ attribute...
@backland/accounts (>=0.1.3-alpha.2022.11.25.20.14.44.0 <=0.1.3-alpha.20221123222206.0), @backland/entity (>=0.1.3-alpha.2022.11.25.20.14.44.0 <=0.1.3-alpha.20221123222206.0) +29 more potentially affected by CVE-2022-41713 via deep-object-diff (=1.1.7)
deep-object-diff NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on deep-object-diff and may be impacted: - @backland/accounts =0.1.3-alpha.2022.11.25.20.14.44.0, =0.1.3-alpha.2022.11.25.20.14.44.0, =0.1.3-alpha.2022.11.25.20.14.44.0,...
CVE-2022-41713
deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited...
Code injection
deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited...
CVE-2022-41713
CVE-2022-41713 affects the Node.js library deep-object-diff version 1.1.0, where improper validation of incoming JSON keys allows prototype pollution via the __proto__ property. The available connected documents confirm the root cause as a prototype pollution weakness in deep-object-diff 1.1.0 and re...
deep-object-diff Security Vulnerability
deep-object-diff is a small library by Matt Phillips, an individual developer, that performs a deep diff of two JavaScript objects, including arrays and nested object structures. A security vulnerability exists in deep-object-diff version 1.1.0 that stems from an application's inability...
CVE-2022-41713 deep-object-diff 1.1.0 - Prototype Pollution
deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited...
PT-2022-26043 · Unknown · Deep-Object-Diff
Name of the Vulnerable Software and Affected Versions: deep-object-diff versions 1.1.0 through 1.1.5. Description: The issue allows an external attacker to edit or add new properties to an object because the application does not properly validate incoming JSON keys, thus allowing the __proto__ propert...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 CVE-2021-41773 POC with Docker Configurati...
DEBIAN-CVE-2020-35531
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file...
UBUNTU-CVE-2020-35531
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file...
Libraw Buffer Error Vulnerability
Libraw is a C++ library from Libraw Inc. for processing RAW CRW/CR2, NEF, RAF, DNG, and other format images on various operating systems. A security vulnerability exists in Libraw, which is caused by an out-of-bounds write in the get_huffman_diff function...
Denial Of Service (DoS)
vim/vim is vulnerable to denial of service. The vulnerability exists due to a null pointer dereference when deleting buffers in diff mode which allows an attacker to cause an application crash...
Out-of-bounds Write
vim is vulnerable to out-of-bounds write. The vulnerability exists due to invalid memory access after diff buffer manipulations in the diff_mark_adjust_tp function in diff.c...
Vim Buffer Error Vulnerability
Vim is a cross-platform text editor. Vim suffers from a buffer overflow vulnerability that results from undefined behavior in the diff_write_buffer function. An attacker could exploit this vulnerability to cause a buffer overflow...
CLSA-2022-1658856539 Fix CVE(s): CVE-2022-2289, CVE-2022-2304
SECURITY UPDATE: Accessing freed memory with diff put - debian/patches/CVE-2022-2289.patch: Bail out when diff pointer is no longer valid - CVE-2022-2289 SECURITY UPDATE: Spell dump may go beyond end of an array - debian/patches/CVE-2022-2304.patch: Limit the word length - CVE-2022-2304...
CLSA-2022-1658854080 Fixed CVEs in vim: CVE-2022-2289, CVE-2022-2304
CVE-2022-2289: bail out when diff pointer is no longer valid to avoid accessing freed memory with diff put - CVE-2022-2304: limit the word length to avoid out-of-bounds accessing...