deterministic-wasi-ctx (=0.1.3), enarx (>=0.5.0 <=0.5.1) +8 more potentially affected by CVE-2022-31146 via wasmtime (=0.37.0)

wasmtime CARGO version =0.37.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - deterministic-wasi-ctx =0.1.3 - enarx =0.5.0, =0.5.1 - enarx-exec-wasmtime =0.5.1 - wasi-tokio =0.37.0 - wasmtime-cli-flags =0.37.0 -...

CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

DEBIAN-CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

Stack overflow

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

UBUNTU-CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

Sourcegraph gitserver sshCommand RCE

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

Sourcegraph gitserver sshCommand Remote Command Execution Exploit

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

CVE-2022-22038 Remote Procedure Call Runtime Remote Code Execution Vulnerability

...

Oracle Linux 8 : go-toolset:ol8addon (ELSA-2022-17956)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-17956 advisory. go-toolset 1.18.3-1 - Update to golang 1.18.3 golang 1.18.3-1.0.1 - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify...

Unbreakable Enterprise kernel security update

4.14.35-2047.515.3 - uek-rpm: Enable Pensando EMMC reset controller Thomas Tai Orabug: 34325721 - mfd: pensandoelbasr: Add Pensando Elba System Resource Chip Brad Larson Orabug: 34325721 - dsc-drivers: update drivers for 1.15.9-C-65 Shannon Nelson Orabug: 34325721 4.14.35-2047.515.2 - net/rds:...

OESA-2022-1743 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

DEBIAN-CVE-2022-32088

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exectimetracker::getloops/Filesorttracker::reportuse/filesort...

CVE-2022-32088

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exectimetracker::getloops/Filesorttracker::reportuse/filesort...

MariaDB 安全漏洞

MariaDB is a free and open source database management system from the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine.A security vulnerability exists in MariaDB, which stems from a segmentation error found via the component Exectimetracker::...

PT-2022-20611 · Unknown +3 · C-Uitl/C-Shquote +4

Name of the Vulnerable Software and Affected Versions: dbus-broker versions prior to 31 Description: An issue was discovered in dbus-broker where it depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is...

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

CVE-2022-31309

A vulnerability in livecheck.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function...