Fedora: Security Advisory for golang-github-skip2-qrcode (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-github-skip2-qrcode-0-2.20220316gitda1b656.fc35

QR Code encoder Go...

[SECURITY] Fedora 35 Update: golang-github-francoispqt-gojay-1.2.13-7.fc35

GoJay is a performant JSON encoder/decoder for Golang currently the most performant, see benchmarks. It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

[SECURITY] Fedora 35 Update: golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc35

Toml-test is a higher-order program that tests other TOML decoders or encoder s. The goal is to make it comprehensive. Tests are divided into two groups: inva lid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...

The vulnerability of the AVEVideoEncoder component in iOS, tvOS, and iPadOS allows a hacker to execute arbitrary code.

The vulnerability of the AVEVideoEncoder component in iOS, tvOS, and iPadOS lies in the operation of recording data beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

Fedora: Security Advisory for golang-github-francoispqt-gojay (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVE-2022-31116

UltraJSON vulnerability (CVE-2022-31116) affects UltraJSON, a C-based JSON encoder/decoder with Python bindings. Affected versions improperly decoded escaped surrogate characters (surrogate pairs), enabling string corruption and potential key confusion or value overwriting when parsing JSON from ...

CVE-2022-31117

UltraJSON (ujson) has a vulnerability CVE-2022-31117: a double-free bug during buffer reallocation in string decoding. The issue is in the C-level decoder; due to UltraJSON’s internal design, this double free cannot be triggered from Python. The advisory details confirm the root cause and state n...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31117 Double free of buffer during string decoding in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

[SECURITY] Fedora 36 Update: golang-github-skip2-qrcode-0-2.20220316gitda1b656.fc36

QR Code encoder Go...

[SECURITY] Fedora 36 Update: golang-github-francoispqt-gojay-1.2.13-7.fc36

GoJay is a performant JSON encoder/decoder for Golang currently the most performant, see benchmarks. It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

CVE-2022-33069

Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment at SMTEncoder.cpp...

Denial Of Service (DoS)

@discordjs/opus is vulnerable to denial of service. An attacker is able cause an application crash via sending crafted requests through an encoder with zero channels, or a non-initialized buffer...

CVE-2022-25345

All versions of package @discordjs/opus are vulnerable to Denial of Service DoS when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash...

CVE-2022-25345

All versions of package @discordjs/opus are vulnerable to Denial of Service DoS when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash...