Lucene search

1229 matches found

Cvelist
added 2022/12/13 12:0 a.m. | 10 views

CVE-2019-25078 pacparser pacparser.c pacparser_find_proxy buffer overflow

A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4....

CVSS 5.3 | AI score 7.8 | EPSS 0.0019
Exploits 1 | References 4
NVD
added 2022/12/10 10:15 p.m. | 12 views

CVE-2022-4399

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...

CVSS 9.8 | EPSS 0.00464
Exploits 0 | References 3
OSV
added 2022/12/10 10:15 p.m. | 13 views

CVE-2022-4399

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...

CVSS 9.8 | AI score 9.9
Exploits 0 | References 3
OSV
added 2022/12/10 10:15 p.m. | 2 views

DEBIAN-CVE-2022-4399

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...

CVSS 9.8 | AI score 7.6 | EPSS 0.00464
Exploits 0 | References 1
UbuntuCve
added 2022/12/10 10:15 p.m. | 25 views

CVE-2022-4399

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...

CVSS 9.8 | AI score 6.6 | EPSS 0.00464
Exploits 0 | References 2
OSV
added 2022/12/10 10:15 p.m. | 0 views

UBUNTU-CVE-2022-4399

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...

CVSS 9.8 | AI score 5.5 | EPSS 0.00464
Exploits 0 | References 3
CVE
added 2022/12/10 12:0 a.m. | 64 views

CVE-2022-4399

CVE-2022-4399 affects TicklishHoneyBee nodau; the vulnerability resides in src/db.c where manipulation of the argument value/name enables SQL injection. The issue is described as critical with potential impact on confidentiality, integrity, and availability. A patch is identified by the patch nam...

CVSS 9.8 | AI score 7.8 | EPSS 0.00464
Exploits 0 | References 3 | Affected Software 1
Debian CVE
added 2022/12/10 12:0 a.m. | 23 views

CVE-2022-4399

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...

CVSS 9.8 | AI score 9.8 | EPSS 0.00464
Exploits 0
Cvelist
added 2022/12/10 12:0 a.m. | 12 views

CVE-2022-4399 TicklishHoneyBee nodau db.c sql injection

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...

CVSS 5.5 | AI score 10 | EPSS 0.00464
Exploits 0 | References 3
CNVD
added 2022/11/30 12:0 a.m. | 28 views

GNU Emacs Command Injection Vulnerability

GNU Emacs is a family of text editors from the GNU community in the U.S. A command injection vulnerability exists in GNU Emacs version 28.2 and earlier, which stems from lib-src/etags.c's use of system C library functions when implementing the ctags program. An attacker could exploit the...

CVSS 7.8 | AI score 5.7 | EPSS 0.00051
Exploits 0 | References 1
NVD
added 2022/11/28 6:15 a.m. | 11 views

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

CVSS 7.8 | EPSS 0.00051
Exploits 0 | References 5
FreeBSD
added 2022/11/28 12:0 a.m. | 32 views

emacs -- arbitrary shell command execution vulnerability of ctags

lu4nx reports: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggeste...

CVSS 7.8 | AI score 7.8 | EPSS 0.00051
Exploits 0 | References 1
Tenable Nessus
added 2022/11/17 12:0 a.m. | 22 views

Rocky Linux 8 : wavpack (RLSA-2022:7558)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7558 advisory. - An out of bounds read was found in Wavpack 5.4.0 in processing .WAV files. This issue triggered in function WavpackPackSamples of file src/packutils.c, tainted...

CVSS 5.5 | AI score 5.6 | EPSS 0.00412
Exploits 1 | References 3
Veracode
added 2022/11/16 11:58 p.m. | 25 views

Denial Of Service (DoS)

exim4 is vulnerable to denial of service. The vulnerability exists in src/expand.c due to use after free in Regex Handler which allows an attacker to crash the application via malicious input...

CVSS 7.5 | AI score 7.5 | EPSS 0.00467
Exploits 0 | References 10 | Affected Software 4
Tenable Nessus
added 2022/11/15 12:0 a.m. | 38 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go vulnerability (USN-5725-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5725-1 advisory. Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker cou...

CVSS 7.5 | AI score 6.9 | EPSS 0.00147
Exploits 0 | References 2
Prion
added 2022/11/01 2:15 p.m. | 22 views

Memory corruption

open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet...

CVSS 5 | AI score 7.3 | EPSS 0.00334
Exploits 1 | References 1 | Affected Software 1
vulnersOsv
added 2022/11/01 12:0 p.m. | 2 views

roaring-landmask (=0.4.0) potentially affected by CVE-2022-3602 via openssl-src (=300.0.0+3.0.0)

openssl-src CARGO version =300.0.0+3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - roaring-landmask =0.4.0 Source cves: CVE-2022-3602 Source advisory: OSV:RUSTSEC-2022-0064...

CVSS 7.5 | AI score 7.3 | EPSS 0.83506
Exploits 6
CVE
added 2022/11/01 12:0 a.m. | 55 views

CVE-2022-43222

Open5GS v2.4.11 is affected by a memory leak in src/smf/pfcp-path.c that can be exploited to cause a Denial of Service via crafted PFCP packets. The CVE entry documents a HIGH severity (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Connected sources corroborate the vulnerability in the mem...

CVSS 7.5 | AI score 7.2 | EPSS 0.00334
Exploits 1 | References 1 | Affected Software 1
CNNVD
added 2022/10/26 12:0 a.m. | 4 views

D-Link DIR-816 A2 Buffer Error Vulnerability

The D-Link DIR-816 A2 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05, which originates from a stack overflow in the srcip parameter of /goform/form2IPQoSTcAdd...

CVSS 9.8 | AI score 8.4 | EPSS 0.01359
Exploits 1 | References 3
RedhatCVE
added 2022/10/13 2:59 p.m. | 21 views

CVE-2021-42523

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'errmsg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it...

CVSS 7.5 | AI score 1.2 | EPSS 0.00118
Exploits 1 | References 3