Msrc Cm1 Fluent-Bit 1.5.2-3 On Cbl Mariner 1.0 vulnerabilities

CVE-2021-46879 [HIGH] CWE-787 An issue was discovered in Treasure Data Fluent Bit 1.7.1 a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious An issue was discovered in Treasure Data Fluent Bit 1.7.1 a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software triggeri

CVE-2021-46878 [HIGH] CWE-843 An issue was discovered in Treasure Data Fluent Bit 1.7.1 erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and An issue was discovered in Treasure Data Fluent Bit 1.7.1 erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays leading to use-after-free. This can be used by an attacker to

CVE-2022-46392 [MEDIUM] CWE-203 An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically an untrusted operating system attacking An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing th