Saghul

**Name of the Vulnerable Software and Affected Versions** quickjs-ng versions up to 0.11.0 **Description** A flaw exists in quickjs-ng up to version 0.11.0 due to a heap-based buffer overflow in the `js typed array constructor` function within the `quickjs.c` file. This issue can be triggered remotely through a manipulation. The exploit for this issue has been publicly disclosed. **Recommendations** Apply the patch c5d80831e51e48a83eab16ea867be87f091783c5 to remediate this issue.

**Name of the Vulnerable Software and Affected Versions** libuv versions prior to 0.10.34 **Description** The issue is related to libuv not properly dropping group privileges, which allows attackers to gain privileges via unspecified vectors. The vulnerability is associated with errors in updating group privileges. Exploitation of the vulnerability may allow a remote attacker to elevate their privileges. **Recommendations** For versions prior to 0.10.34, update to version 0.10.34 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.