130 matches found
CVE-2022-41939 Credential exposure when running third-party builders in knative/func
knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious lifecycle container. This issue has bee...
CVE-2022-41939
CVE-2022-41939 affects knative.dev/func (client library/CLI for Knative functions). The root issue is credential exposure when using third-party function buildpacks, where a compromised buildpack could expose registry credentials or the local Docker socket to a malicious lifecycle container. The ...
mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor...
mariadb: assertion failure in sql/item_func.cc
A flaw was found in the MariaDB Server. It contains a segmentation fault via the component sql/item_func.cc:148, affecting availability...
OSV-2022-588 Heap-use-after-free in wasmtime_runtime::externref::gc::hcbc8e23ae41614fa
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49171 Crash type: Heap-use-after-free WRITE 8. Crash state: wasmtime_runtime::externref::gc::hcbc8e23ae41614fa wasmtime_fuzzing::oracles::table_ops::$u7b$$u7b$closure$u7d$$u7d$::hd207e5ffb69...
Malicious code in bfx-hf-func-data (npm)
Source: ghsa-malware (7631340a32bc76c05bd236bc6011f4f1040460a40997bbec6fe11016748b4029). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1540 Malicious code in bfx-hf-func-data (npm)
Source: ghsa-malware (7631340a32bc76c05bd236bc6011f4f1040460a40997bbec6fe11016748b4029). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DEBIAN-CVE-2022-27449
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148...
UBUNTU-CVE-2022-27449
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148...
HealthNode Hospital Management System Security Vulnerability
HealthNode Hospital Management System is a hospital management system. The system includes functions such as patient information management, ward management, surgery schedule management and financial management. Hospital Management System suffers from an SQL injection vulnerability, which...
MariaDB 10.3.0 < 10.3.30 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.3.30. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.3.30 advisory. - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...
Buffer Error Vulnerability in Multiple HPE Products
HPE Cloudline CL5800 Gen9 Server and others are a dense cloud storage server appliance from HPE America. A buffer error vulnerability exists in multiple HPE Cloudline products, which stems from a local buffer overflow in the spxrestservice setremoteimageinfofunc function. The following products a...
Code injection
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use eval or the Function constructor, which may be injected by the target site with unsafe code, causing server-side securi...
CVE-2020-0493
In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
PT-2021-6494 · Libsixel +1
Name of the Vulnerable Software and Affected Versions: Libsixel version 1.8.2. Description: The issue is related to a heap-based buffer overflow in the dither_func_fs function in tosixel.c. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause...
CVE-2017-18612
The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter...
Design/Logic Flaw
The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter...
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the imagename parameter...