software in the public interest inc.

Top products

The 15 most recently published vulnerabilities affecting software in the public interest inc..

• BDU:2026-06246Уязвимость компонента lmathlib.c интерпретатора скриптов Lua, позволяющая нарушителю вызвать отказ в обслуживании5.5May 4, 2026
• CVE-2023-4813Glibc: potential use-after-free in gaih_inet()5.9Sep 12, 2023
• CVE-2022-28805singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compile...9.1Apr 8, 2022
• CVE-2021-43519Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.5.5Nov 9, 2021
• CVE-2021-32626Lua scripts can overflow the heap-based Lua stack in Redis7.5Oct 4, 2021
• CVE-2021-33910basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacke...5.5Jul 20, 2021
• CVE-2020-24370ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).5.3Aug 17, 2020
• CVE-2020-15945Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a retu...5.5Jul 24, 2020
• CVE-2018-20796In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.7.5Feb 26, 2019
• CVE-2019-6706Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments hav...7.5Jan 23, 2019
• CVE-2018-16866An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versi...3.3Jan 11, 2019
• CVE-2018-5380The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.4.3Feb 19, 2018
• CVE-2018-5379The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack co...7.5Feb 19, 2018
• CVE-2017-18078systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypa...7.8Jan 29, 2018
• CVE-2017-16227The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for...7.5Oct 29, 2017