140 matches found
GHSA-V829-X6HH-CQFQ Crossplane-runtime contains Improper Input Validation via Compositions
Summary Fuzz testing, by Ada Logics and sponsored by the CNCF, identified a vulnerability in the fieldpath package from crossplane/crossplane-runtime that an already highly privileged Crossplane user able to create or update Compositions could leverage to cause an out of memory panic in Crossplan...
American Fuzzy Lop plus plus 安全漏洞
American Fuzzy Lop plus plus AFL++ is is an advanced branch of Google's AFL - faster, more and better mutations, more and better instrumentation, custom module support, and more. AFL++ 4.05c contains a security vulnerability that originates in the CmpLog component that uses the current working...
GHSA-G6PW-999W-J75M ELF header parsing library doesn't check for valid offset
The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...
ELF header parsing library doesn't check for valid offset
The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...
GHSA-67FX-WX78-JX33 Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...
Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...
Helm vulnerable to denial of service through through repository index file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the repo package that can cause a segmentation violation. Applications that use functions from the repo package in the Helm SDK can have a Denial of Service attack when they use this package and it panics...
GHSA-53C4-HHMH-VW5Q Helm vulnerable to denial of service through through repository index file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the repo package that can cause a segmentation violation. Applications that use functions from the repo package in the Helm SDK can have a Denial of Service attack when they use this package and it panics...
Helm vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service atta...
Internet Bug Bounty: CVE-2022-23519: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)
The following is from: https://hackerone.com/reports/1656627 Intro The Rails HTML sanitzier allows to set certain combinations of tags in it's allow list that are not properly handled. Similar to the report 1530898, which identified the combinationselect and style as vulnerable, my fuzz testing...
Helm vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service atta...
Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...
Helm vulnerable to denial of service through through repository index file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the repo package that can cause a segmentation violation. Applications that use functions from the repo package in the Helm SDK can have a Denial of Service attack when they use this package and it panics...
PT-2022-36745 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue, as reported by OSS-Fuzz. The crash state includes Ins MSIRP, RunIns, and Instance Reset. No information is available about the estimated...
RUSTSEC-2022-0079 ELF header parsing library doesn't check for valid offset
The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...
PT-2025-38424
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stack overflow issue was resolved in the crypto/hisilicon/qm module of the Linux kernel. The vulnerability occurs due to insufficient bounds checking during the use of sscanf,...
SUSE SLES15 Security Update : helm (SUSE-SU-2022:3666-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3666-1 advisory. - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. CVE-2022-1996 - Helm i...
PT-2022-37312 · Skia · Skia
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details include the crash type being a Heap-buffer-overflow READ 4, and the crash...
PT-2022-37273 · Git +1 · Hunspell
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash reported by OSS-Fuzz, with a Segv on an unknown address. The crash occurs in the HashMgr class, specifically in the add...
CVE-2022-36055
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...