358 matches found
GSD-2022-1006601 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.215 by commit...
GSD-2022-1006527 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.12 by commit...
GSD-2022-1006481 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0 by commit...
PT-2022-34783 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.12. Description: The issue is related to out-of-bound bugs caused by an unset skb->mac_header in the ipvlan module. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
Security Bulletin: A security vulnerability in Nodejs unset-value affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Nodejs unset-value affects IBM Cloud Pak for Multicloud Management Managed Services Vulnerability Details IBM X-Force ID: 220063 DESCRIPTION: Node.js unset-value module is vulnerable to a denial of service, caused by a prototype pollution flaw in the unset...
Ubuntu: Security Advisory (USN-320-1)
The remote host is missing an update for the...
Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...
CLSA-2022-1660761947 Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...
CLSA-2022-1660759162 Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...
CVE-2022-30580
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...
CVE-2022-30580 Empty Cmd.Path can trigger unintended binary in os/exec on Windows
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...
Untrusted Search Path
Overview: std/os/exec is a Go standard library package. Affected versions of this package are vulnerable to Untrusted Search Path. Go Vulnerability Report: On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset will unintentionally trigger...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to a denial of service vulnerability due to IBM X-Force vulnerability 220063
Summary Node.js module unset-value is used by IBM App Connect Enterprise Certified Container Dashboard when internally processing and validating an OpenAPI definition. IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to a denial of service vulnerability. This bulletin...
PT-2025-8066
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory corruption issue exists due to the registration of devices multiple times when multiple connection complete events are received for the same handle. To address this, the code no...
Prototype Pollution in irrelon-path and @irrelon/path
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
GHSA-J7CG-H9V9-6VQP Prototype Pollution in irrelon-path and @irrelon/path
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
CVE-2020-7708
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
CVE-2020-7708
CVE-2020-7708 affects the Node.js packages named in the report: irrelon-path and @irrelon/path, specifically versions prior to 4.7.0. The vulnerability is a Prototype Pollution flaw exposed through the set, unSet, pushVal, and pullVal functions, allowing an attacker to modify object prototypes an...
Prototype Pollution
Overview: @irrelon/path is a powerful JSON path processor. It allows you to drill into and manipulate JSON objects with a simple dot-delimited path format, e.g. "obj.name". Affected versions of this package are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. POC...