Stack overflow

In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability...

CVE-2022-2000

An out-of-bounds write vulnerability was found in Vim's appendcommand function of the src/exdocmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflo...

CVE-2022-31055 Improper Access Control in kctf

kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...

Integer overflow

ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits...

CVE-2021-40589

CVE-2021-40589 affects ZAngband zangband-data 2.7.5. The vulnerability is an integer underflow in src/tk/plat.c, triggered via fileheader.bfOffBits. Publicly documented impact is not expanded beyond the underflow description; no concrete exploit details or patch/version remediation are provided i...

CVE-2022-29779

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsvalueownenumerate at src/njsvalue.c...

CVE-2022-29779

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsvalueownenumerate at src/njsvalue.c...

CVE-2022-30503

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njssetnumber at src/njsvalue.h...

CVE-2022-29780

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsarrayprototypesort at src/njsarray.c...

CVE-2022-29779

CVE-2022-29779 affects Nginx NJS v0.7.2. The issue is a segmentation violation in the function njs_value_own_enumerate located in src/njs_value.c . This vulnerability can cause a denial of service. No exploitation details or fixes are provided in the available documents; remediation/fix status is...

Stack overflow

DISPUTED Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7....

openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-3711 via openssl-src (=110.0.7+1.1.0i)

openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-3711 Source advisory: OSV:GHSA-5WW6-PX42-WC85...

openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-3712 via openssl-src (=110.0.7+1.1.0i)

openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-3712 Source advisory: OSV:GHSA-Q9WJ-F4QW-6VFJ...

CVE-2020-22983

A Server-Side Request Forgery SSRF vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery SSRF attack via the srcURL parameter to the shortURL task...

Fedora: Security Advisory for golang-gopkg-src-d-git-4 (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-gopkg-src-d-git-4 (FEDORA-2022-3a63897745)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-gopkg-src-d-git-4 (FEDORA-2022-5cbd6de569)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: golang-gopkg-src-d-git-4-4.13.1-7.fc34

A highly extensible git implementation in pure go...

[SECURITY] Fedora 35 Update: golang-gopkg-src-d-git-4-4.13.1-7.fc35

A highly extensible git implementation in pure go...

Medium: containerd

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...