AZL-8578 CVE-2022-0185 affecting package kernel for versions less than 5.15.26.1-1

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...

DEBIAN-CVE-2022-0185

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...

Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url

Description First Assume this example var parseUrl = require"parse-url" parseUrl"http://[email protected]:[email protected]/path/name?foo=bar&bar=42some-hash" that return : protocols: "http" protocol: "http" port: null resource: "[email protected]" user: "" pathname:...

@foxnfork/auth-node (>=0.0.8 <=0.0.50), @foxnfork/node-utils (>=0.0.1 <=0.0.9) +11 more potentially affected by CVE-2021-26543 via git-parse (>=1.0.3 <=1.0.4)

git-parse NPM version =1.0.3, =0.0.8, =0.0.1, =0.0.1, =2.11.0-beta, =1.4.3, =2.6.0, =2.18.1, =0.2.11, =1.2.7, =1.0.0, =2.33.10, =0.2.1, =2.6.2, =2.6.3 Source cves: CVE-2021-26543 Source advisory: OSV:GHSA-M744-2JJ8-VPFV...

Command injection in git-parse

The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability...

GHSA-M744-2JJ8-VPFV Command injection in git-parse

The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability...

UBUNTU-CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

CVE-2022-0391

CVE-2022-0391 affects the Python urllib.parse.urlparse path handling, where input is not sanitized and allows literal CR/LF characters, enabling crafted URLs to trigger injection-like issues. Public docs (Python history, Debian LTS/DLA notes, Astra Linux bulletin) corroborate that the vulnerabili...

PT-2022-11971 · Siemens · Solid Edge +2

Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to V13.2.0.7 Solid Edge SE2021 versions prior to SE2021MP9 Solid Edge SE2022 versions prior to SE2022MP1 Teamcenter Visualization V13.1 versions prior to V13.1.0.9 Teamcenter Visualization V13.2 versions prior to V13.2.0....

Rocky Linux 8 : nodejs:14 (RLSA-2021:3666)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3666 advisory. - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host...

PHP Everywhere 2.0.3 Remote Code Execution

On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level,...

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.

...

CVE-2021-46665

MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations...

DEBIAN-CVE-2021-46665

MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations...

UBUNTU-CVE-2021-46665

MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations...

CVE-2022-21796

A memory corruption vulnerability exists in the netserver parsecommandlist functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-46549

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parsecvaltype at src/mjsffi.c. This vulnerability can lead to a Denial of Service DoS...

Reolink RLC-410W 缓冲区错误漏洞

Reolink Rlc-410W is a Wifi security camera from Reolink China.A security vulnerability exists in Reolink RLC-410W in version v3.0.0.13620121102, which stems from the fact that the product parsecommandlist function does not properly validate the input data. An attacker could cause out-of-bounds...

Improper Authentication

Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Authentication. CGI::Cookie.parse mishandles security prefixes in cookie names by applying URL decoding to cookie names. An attacker could exploit this vulnerability t...