AZL-35373 CVE-2021-33463 affecting package yasm 1.3.0-17

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasmexprcopyexcept in libyasm/expr.c...

AZL-10324 CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasmexprgetintnum in libyasm/expr.c...

DEBIAN-CVE-2021-33463

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasmexprcopyexcept in libyasm/expr.c...

AZL-10333 CVE-2021-33463 affecting package yasm 1.3.0-17

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasmexprcopyexcept in libyasm/expr.c...

DEBIAN-CVE-2021-33462

An issue was discovered in yasm version 1.3.0. There is a use-after-free in exprtraversenodespost in libyasm/expr.c...

UBUNTU-CVE-2021-33462

An issue was discovered in yasm version 1.3.0. There is a use-after-free in exprtraversenodespost in libyasm/expr.c...

CVE-2021-33454

CVE-2021-33454 – Summary . A NULL pointer dereference exists in yasm 1.3.0 (libyasm/expr.c: yasm_expr_get_intnum). This affects yasm 1.3.0 and is described across multiple security advisories. Impact: according to the CVSS data, local access with low attack complexity, no privileges required, but...

yasm 资源管理错误漏洞

yasm is yasm open source a completely rewritten Netwide assembler. A denial of service vulnerability exists in yasm version 1.3.0, which stems from a post-release reuse of the exprtraversenodespost function in libyasm/expr.c. An attacker could use this vulnerability to cause a denial of service. ...

yasm 代码问题漏洞

yasm is a completely rewritten Netwide assembler from the yasm open source. A security vulnerability exists in yasm version 1.3.0, which stems from a NULL pointer dereference in the yasmexprcopyexcept function in libyasm/expr.c. The vulnerability is caused by the presence of a NULL pointer...

yasm 代码问题漏洞

yasm is a completely rewritten Netwide assembler from the yasm open source. A security vulnerability exists in yasm version 1.3.0, which stems from a null pointer reference to yasmexprgetintnum in its libyasm/expr.c component...

DEBIAN-CVE-2022-32083

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Itemsubselect::initexprcachetracker...

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

...

DEBIAN-CVE-2022-27384

An issue in the component Itemsubselect::initexprcachetracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

UBUNTU-CVE-2022-27384

An issue in the component Itemsubselect::initexprcachetracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.

...

JerryScript 安全漏洞

JerryScript, a lightweight JavaScript engine from the JerryScript project, has a security vulnerability in JerryScript 3.0.0, which stems from an assertion in /jerry-core/parser/js/js-parser-expr.c flags & PARSERPATTERNHASRESTELEMENT fails. No details of the vulnerability are currently provided...

OSV-2021-950 Dynamic-stack-buffer-overflow in std::__1::__wrap_iter<hsql::Expr**>::__wrap_iter

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35944 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: std::1::wrapiter::wrapiter std::1::vector ::makeiter std::1::vector ::begin...

Prototype Pollution in property-expr

Overview property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. Recommendation Upgrade to version 2.0.3 or later References - CVE - GitHub Advisory...

@1337lawyers/design (>=0.1.0 <=0.12.14), @1337lawyers/gatsby-theme-1337 (=0.0.1) +1449 more potentially affected by CVE-2020-7707 via property-expr (>=1.0.1 <=2.0.2)

property-expr NPM version =1.0.1, =0.1.0, =1.0.0, =0.0.1-alpha.82, =1.0.0, =1.0.12-alpha.0, =1.0.12-alpha.0, =1.0.0, =1.1.0, =1.3.24-alpha.0, =0.0.1-alpha.1, =2.149.0, =2.152.0 - @amorist/gatsby-theme-antd =1.0.0 - @andersonbarros/strapi-plugin-content-type-builder =3.0.0-beta.16.8-0 and more...

Prototype Pollution in property-expr

The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function...