Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Use After Free in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use After Free in GitHub repository vim/vim prior to 8.2.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.