660 matches found
PT-2022-3700 · Busybox +2 · Busybox +2
Name of the Vulnerable Software and Affected Versions: BusyBox versions prior to 1.35.0 Description: The issue is related to the lack of input sanitization in the BusyBox command-line utility set, specifically affecting the netstat utility when printing DNS PTR records to a VT-compatible terminal...
CVE-2022-1199
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability...
CVE-2022-1199
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability...
GSD-2022-1000898 net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
net: arcnet: com20020: Fix null-ptr-deref in com20020pciprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.233 by commit...
Accusoft ImageGear JPEG-JFIF lossless Huffman parser heap-based buffer overflow vulnerabilities
Summary Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Tested...
GSD-2022-1000148 udf: Fix NULL ptr deref when converting from inline format
udf: Fix NULL ptr deref when converting from inline format This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.176 by commit...
py39-unicorn -- sandbox escape and arbitrary code execution vulnerability
jwang-a reports: An issue was discovered in splitregion in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw...
GSD-2021-1002314 i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix NULL ptr dereference on VSI filter sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...
GSD-2021-1002282 i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix NULL ptr dereference on VSI filter sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.82 by commit...
GSD-2021-1002248 i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix NULL ptr dereference on VSI filter sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.218 by commit...
UVI-2021-1002248 i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix NULL ptr dereference on VSI filter sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.218 by commit...
GSD-2021-1002237 i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix NULL ptr dereference on VSI filter sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.256 by commit...
UVI-2021-1002237 i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix NULL ptr dereference on VSI filter sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.256 by commit...
GHSA-8GWJ-8HXC-285W Prototype Pollution in json-ptr
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...
Prototype Pollution in json-ptr
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...
Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-23509
Summary IBM App Connect Enterprise Certified Container may be affected by a prototype pollution flaw in the pointer parameter in json-ptr due to CVE-2021-23509 Vulnerability Details CVEID: CVE-2021-23509 DESCRIPTION: Node.js json-ptr module could allow a remote attacker to execute arbitrary code ...
Json-Ptr type obfuscation vulnerability
Json-Ptr is a full implementation of Json pointer Rfc 6901 for Nodejs and modern browsers. a security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...
Prototype Pollution
json-ptr is vulnerable to prototype pollution. The vulnerability exists in 'setValueAtPath' and 'unsetValueAtPath' functions in 'util.ts' because the type of user provided keys are not properly validated. An attacker is able to inject properties into existing construct prototypes and modify...
CVE-2021-23509
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...
CVE-2021-23509
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...