
12 matches found

OSV
added 2026/03/12 2:21 p.m. | 2 views

GHSA-MGRQ-9F93-WPP5 OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf

Summary openclaw had a workspace boundary bypass in workspace-only path validation: when an in-workspace symlink pointed outside the workspace to a non-existent leaf, the first write could pass validation and create the file outside the workspace. Affected Packages / Versions - Package: openclaw...

CVSS 7.6 | AI score 5.7 | EPSS 0.00095
Exploits: 0 | References: 6
Github Security Blog
added 2026/03/12 2:21 p.m. | 9 views

OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf

Summary openclaw had a workspace boundary bypass in workspace-only path validation: when an in-workspace symlink pointed outside the workspace to a non-existent leaf, the first write could pass validation and create the file outside the workspace. Affected Packages / Versions - Package: openclaw...

CVSS 8.2 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 6 | Affected Software: 1
SUSE CVE
added 2025/09/15 11:29 p.m. | 1 views

SUSE CVE-2022-50301

In the Linux kernel, the following vulnerability has been resolved: iommu/omap: Fix buffer overflow in debugfs. There are two issues here: 1) The "len" variable needs to be checked before the very first write. Otherwise if omap2_iommu_dump_ctx with "bytes" less than 32 it is a buffer overflow. 2) The...

CVSS 5.5 | AI score 7 | EPSS 0.0002
Exploits: 0 | References: 7
CVE
added 2025/09/15 2:45 p.m. | 13 views

CVE-2022-50301

CVE-2022-50301: Linux kernel iommu/omap debugfs vulnerability causing a buffer overflow in omap2_iommu_dump_ctx when bytes

CVSS 7.8 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 9 | Affected Software: 1
Snyk
added 2022/01/13 3:44 a.m. | 1 views

Cross-site Scripting (XSS)

Overview: std/net/http/cgi is a Go standard library package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Go Vulnerability Report: When a Handler does not explicitly set the Content-Type header, the package would default to “text/html”, which cou...

CVSS 6.1 | AI score 5.3 | EPSS 0.0015
Exploits: 2 | References: 3
Snyk
added 2022/01/13 3:44 a.m. | 1 views

Cross-site Scripting (XSS)

Overview: std/net/http/fcgi is a Go standard library package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Go Vulnerability Report: When a Handler does not explicitly set the Content-Type header, the package would default to “text/html”, which...

CVSS 6.1 | AI score 5.3 | EPSS 0.0015
Exploits: 2 | References: 3
RedHat Linux
added 2019/05/08 8:5 p.m. | 2 views

undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests...

CVSS 5.3 | AI score 6 | EPSS 0.00708
Exploits: 0 | References: 4
RedHat Linux
added 2019/05/08 12:12 p.m. | 2 views

undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests...

CVSS 5.3 | AI score 6 | EPSS 0.00708
Exploits: 0 | References: 4
RedHat Linux
added 2019/02/19 5:18 p.m. | 0 views

undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests...

CVSS 5.3 | AI score 6 | EPSS 0.00708
Exploits: 0 | References: 4
RedHat Linux
added 2019/02/18 4:9 p.m. | 1 views

undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests...

CVSS 5.3 | AI score 6 | EPSS 0.00708
Exploits: 0 | References: 4
RedHat Linux
added 2018/10/30 12:5 p.m. | 2 views

kernel: race condition in snd_seq_write() may lead to UAF or OOB-access

ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...

CVSS 7.8 | AI score 7.1 | EPSS 0.00088
Exploits: 0 | References: 4
OSV
added 2018/09/18 1:29 p.m. | 0 views

DEBIAN-CVE-2018-14642

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests...

CVSS 5.3 | AI score 7.1 | EPSS 0.00708
Exploits: 0 | References: 1