HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t::set and hb_set_copy). Date published : 2021-12-31 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml
Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). Date published : 2021-12-31 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from CompileElseBlock and Compile_If). Date published : 2021-12-31 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36551 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wasm3/OSV-2021-1061.yaml
libjxl before 0.6, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind). Date published : 2021-12-31 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mdbtools/OSV-2021-1003.yaml
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind). Date published : 2021-12-31 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mdbtools/OSV-2021-958.yaml
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. Date...
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. Date published : 2021-12-31 https://groups.google.com/g/golang-announce/c/hcmEScgc00k
vim is vulnerable to Out-of-bounds Read Date published : 2021-12-31 https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0 https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b
vim is vulnerable to Use After Free Date published : 2021-12-31 https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22 https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. Date published : 2021-12-31 https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/...
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to HTTP response splitting. Date published : 2021-12-30 https://drive.google.com/file/d/19_O6Sfc0PvgEZD7m98a5heNNOp28ZfcE/view?usp=sharing
Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability. Date published : 2021-12-30 https://drive.google.com/file/d/1SizrkduiRFzjDcld4e9F_RV6N9DcIOQE/view?usp=sharing
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are...