GHSA-3QM2-RFQW-FMRW move_elements can double-free objects on panic

Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding. The flaw was fixed in commit 891561bea by removing t...

insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

GHSA-68P4-PJPF-XWCQ insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

SUSE SLED15 / SLES15 Security Update : libwmf (SUSE-SU-2022:1516-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1516-1 advisory. - The wmfmalloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-003)

The version of kernel installed on the remote host is prior to 5.4.117-58.216. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-003 advisory. 2024-05-23: CVE-2021-46974 was added to this advisory. 2024-05-23: CVE-2021-46909 was added to this advisor...

GSD-2022-1002508 video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()

video: fbdev: smscufx: Fix null-ptr-deref in ufxusbprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...

GSD-2022-1002492 net/x25: Fix null-ptr-deref caused by x25_disconnect

net/x25: Fix null-ptr-deref caused by x25disconnect This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...

GSD-2022-1002128 ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM

ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

GSD-2022-1002061 net/x25: Fix null-ptr-deref caused by x25_disconnect

net/x25: Fix null-ptr-deref caused by x25disconnect This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

GSD-2022-1001910 ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM

ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...

GSD-2022-1001604 ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM

ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

GSD-2022-1001171 net/x25: Fix null-ptr-deref caused by x25_disconnect

net/x25: Fix null-ptr-deref caused by x25disconnect This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

Cross Site Scripting (XSS)

busybox is vulnerable to Cross Site Scripting XSS. The vulnerability exists due to arbitrary code execution which allows an attacker to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal...

Updated busybox packages fix security vulnerability

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. CVE-2022-28391...

AZL-9311 CVE-2022-28391 affecting package busybox for versions less than 1.35.0-2

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...

CVE-2022-28391

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...

CVE-2022-28391

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...

AZL-41790 CVE-2022-28391 affecting package busybox for versions less than 1.36.1-3

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...

UBUNTU-CVE-2022-28391

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...

CVE-2022-28391

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...