An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to
On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to
This update fixes a vulnerability in this lib. For details see refererenced github advisory. References: - https://bugs.mageia.org/show_bug.cgi?id=31110
Buffer overflow in function _GetCountedString of the file xkb/xkb.c. (CVE-2022-3550) Memory leak in the function ProcXkbGetKbdByName of the file xkb/xkb.c. (CVE-2022-3551)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2000, CVE-2022-2129, CVE-2022-2210) Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-2042)
buffer overrun in format_timespan() function (bsc#1204968) (CVE-2022-3821) Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 0469b9f2bc pstore: do not try to load all known pstore modules ad05f54439 pstore: Run after modules are loaded ccad817445 core: Add trigger limit for path units
Service Workers might have learned size of cross-origin media files. (CVE-2022-45403) Fullscreen notification bypass. (CVE-2022-45404)
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations (CVE-2022-43680). Service Workers should not be able to infer information about opaque
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler,
