242 matches found
CVE-2024-26644 btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl refers to a deleted subvolume, we get the following abort: BTRFS: Transaction aborted error -2 WARNIN...
emacs: command execution via shell metacharacters
A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file...
kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information...
CVE-2024-26337
swftools v0.9.2 was discovered to contain a segmentation violation via the function sfont at swftools/src/swfc.c...
Atheme Security Breach
Atheme is a set of IRC services open-sourced by Atheme. A security vulnerability exists in Atheme version 7.2.12, which stems from a memory leak contained in /atheme/src/crypto-benchmark/main.c. The vulnerability is caused by a memory leak in /atheme/src/crypto-benchmark/main.c, which contains a...
PT-2024-20910 · Flvmeta · Flvmeta
Name of the Vulnerable Software and Affected Versions: flvmeta version 1.2.2 Description: The issue allows a local attacker to cause a denial of service via the function in flv close at flvmeta/src/flv.c:375:21. Recommendations: For flvmeta version 1.2.2, as a temporary workaround, consider...
CVE-2024-25201
Espruino 2v20 commit fcc9ba4 was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c...
CVE-2024-24188
Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c...
PT-2024-20310 · Jsish · Jsish
Name of the Vulnerable Software and Affected Versions: Jsish version 3.5.0 Description: A use-after-free issue was discovered in Jsish via the SplitChar at ./src/jsiUtils.c. Recommendations: For Jsish version 3.5.0, at the moment, there is no information about a newer version that contains a fix...
[SECURITY] Fedora 39 Update: llhttp-9.1.3-1.fc39
This project is a port of httpparser to TypeScript. llparse is used to generate the output C source file, which could be compiled and linked with the embedder's program like Node.js...
[SECURITY] Fedora 38 Update: llhttp-9.1.3-1.fc38
This project is a port of httpparser to TypeScript. llparse is used to generate the output C source file, which could be compiled and linked with the embedder's program like Node.js...
emacs: command execution via shell metacharacters
A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file...
CVE-2023-46363
jbig2enc v0.28 was discovered to contain a SEGV via jbig2addpage in src/jbig2enc.cc:512...
PT-2023-29981 · Jbig2Enc · Jbig2Enc
Name of the Vulnerable Software and Affected Versions: jbig2enc version 0.28 Description: The issue is related to a SEGV Segmentation Violation in the jbig2enc library. It occurs via the jbig2 add page function in the src/jbig2enc.cc file at line 512. Recommendations: For jbig2enc version 0.28,...
PT-2023-12543
Name of the Vulnerable Software and Affected Versions Ortus Solutions ColdBox Elixir version 3.1.6 Description A problematic vulnerability has been found in Ortus Solutions ColdBox Elixir, affecting the ENV Variable Handler component, specifically the file src/defaultConfig.js. This issue leads t...
Low: file
Issue Overview: File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project. CVE-2022-48554 Affected Packages: file Issue Correction: Run dnf update file --releasever 2023.1.20230906 or dnf update --advisory ALAS2023-2023-333...
DEBIAN-CVE-2021-33390
dpic 2021.04.10 has a use-after-free in thedeletestringbox function in dpic.y. A different vulnerablility than CVE-2021-32421...
Fedora: Security Advisory for llhttp (FEDORA-2023-105880e618)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: llhttp-8.1.1-1.fc38
This project is a port of httpparser to TypeScript. llparse is used to generate the output C source file, which could be compiled and linked with the embedder's program like Node.js. This copy of the library is compiled with LLHTTPSTRICTMODE set to 0 disabled, which is the default...
CVE-2023-36192
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capturewscheckpacket at /src/capture.c...