394 matches found
GHSA-JMWX-R3GQ-QQ3P vec-const attempts to construct a Vec from a pointer to a const slice
Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...
Security fix for the ALT Linux 10 package kernel-image-std-def version 2:5.10.121-alt1
2:5.10.121-alt1 built June 15, 2022 Vitaly Chikunov in task 301677 --- June 10, 2022 Vitaly Chikunov - v5.10.121 2022-06-09. - altha: Restrict setcap binaries in nosuid mode. - v5.10.120 2022-06-06. Fixes: CVE-2022-1852, CVE-2022-1972, CVE-2022-1966. - kernel.perf_event_paranoid=4 by default. -...
Security fix for the ALT Linux 10 package kernel-image-std-def version 2:5.10.118-alt1
2:5.10.118-alt1 built May 30, 2022 kernelbot in task 300613 --- May 25, 2022 Kernel Bot - v5.10.118 2022-05-25. Fixes: CVE-2022-1729, CVE-2022-0854...
OSV-2022-436 Stack-buffer-overflow in spvtools::opt::CompositeInsertToCompositeConstruct
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47684 Crash type: Stack-buffer-overflow READ 8 Crash state: spvtools::opt::CompositeInsertToCompositeConstruct std::1::function::funcbool spvtools::opt::InstructionFolder::FoldInstructionInternal...
Allocation of Resources Without Limits or Throttling
Overview: std/regexp is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine...
Integer Overflow or Wraparound
Overview: std/math/big is a Go standard library package. Affected versions of this package are vulnerable to Integer Overflow or Wraparound. Go Vulnerability Report: Rat.SetString had an overflow issue that can lead to uncontrolled memory consumption. Remediation: Upgrade std/math/big t...
OSV-2022-425 Heap-use-after-free in std::__1::__tree_node_base<void*>*& std::__1::__tree<std::__1::__value_type<std:
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47533 Crash type: Heap-use-after-free READ 1 Crash state: std::1::treenodebase& std::1::treestd::1::valuetypestd: std::1::pairstd::1::treeiteratorstd::1::valuetypestd::1::basic...
CVE-2022-27134
EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the transfer function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the std::string memo parameter...
OSV-2022-409 Heap-buffer-overflow in std::__1::__tree_node_base<void*>*& std::__1::__tree<std::__1::__value_type<std:
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47391 Crash type: Heap-buffer-overflow READ 1 Crash state: std::1::treenodebase& std::1::treestd::1::valuetypestd: std::1::pairstd::1::treeiteratorstd::1::valuetypestd::1::basic...
NewStart CGSL CORE 5.04 / MAIN 5.04 : gcc Multiple Vulnerabilities (NS-SA-2022-0019)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gcc packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash)...
OSV-2022-375 Stack-use-after-return in std::__1::__function::__func<bool grk::WaveletReverse::decompress_partial_tile<i
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46986 Crash type: Stack-use-after-return READ 1 Crash state: std::1::function::funcbool grk::WaveletReverse::decompresspartialtilei tf::Executor::invoke tf::Executor::spawn...
Security fix for the ALT Linux 10 package kernel-image-std-def version 2:5.10.110-alt1
2:5.10.110-alt1 built April 12, 2022 kernelbot in task 298105 --- April 8, 2022 Kernel Bot - v5.10.110 Fixes: CVE-2021-4034...
OSV-2022-321 Stack-use-after-scope in std::__1::__function::__func<bool grk::WaveletReverse::decompress_partial_tile<g
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46468 Crash type: Stack-use-after-scope WRITE 1 Crash state: std::1::function::funcbool grk::WaveletReverse::decompresspartialtileg tf::Executor::invoke tf::Executor::consumetask...
OSV-2022-295 Use-of-uninitialized-value in unsigned long grk::N_SSE4::vscheduler<grk::N_SSE4::DecompressDcShiftIrrev>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46241 Crash type: Use-of-uninitialized-value Crash state: unsigned long grk::NSSE4::vscheduler std::1::function::funcunsigned long grk::NSSE4::vschedulergrk::NSSE4:: tf::Executor::invoke...
openSUSE: Security Advisory for rust, (openSUSE-SU-2022:0843-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for rust1.56 (openSUSE-SU-2022:0149-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:0171-1)
The remote host is missing an update for the...
CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...
Uncontrolled Search Path Element
Overview: std/syscall is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Search Path Element. Go Vulnerability Report: Untrusted search path vulnerability on Windows related to LoadLibrary allows local users to gain privileges via a...