22 matches found
Amazon Linux 2023 : yajl, yajl-devel (ALAS2023-2023-263)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-263 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when...
Updated qtwebsockets5 packages fix a security vulnerability
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption) (CVE-2018-21035)...
AnonX - An Encrypted File Transfer Via AES-256-CBC
An encrypted file transfer via AES-256-CBC. AnonX is an encrypted file uploader and downloader. The uploaded archive lasts for one week and is then removed from the server. AnonX encrypts the directory before uploading it to the server. The download function requires the download id and AES password ...
Improper access control
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead...
CVE-2021-1070
CVE-2021-1070 affects NVIDIA Jetson L4T prior to 32.5 (Jetson AGX Xavier, Xavier NX, TX1/TX2, Nano/Nano 2GB). The flaw sits in the apply_binaries.sh script used to install NVIDIA components into the root filesystem image, where improper access control may let an unprivileged user modify system de...
CVE-2021-1071
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead...
CVE-2021-1070
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an...
CVE-2021-1071
CVE-2021-1071 affects the NVIDIA Tegra kernel used in Jetson L4T before r32.5. The issue is in the INA3221 driver where improper access control may allow unauthorized users to read system power usage data, causing information disclosure. Affected devices include Jetson AGX Xavier, Jetson Xavier N...
Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB - January 2021
NVIDIA has released a software update for Jetson AGX Xavier™, Jetson Xavier NX, Jetson™ TX1, Jetson TX2, Jetson Nano™, and Jetson Nano 2GB in the NVIDIA® JetPack™ software development kit (SDK) 4.5. The update addresses security issues that may lead to denial of service, data loss, and information...
CVE-2018-21035
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)...
Debian DSA-4286-1 : curl - security update
Zhaoyang Wu discovered that cURL, an URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32-bit systems. See https://curl.haxx.se/docs/CVE-2018-14618.html for more information. (C) Tenable Network Security, Inc. The...
Security update for glibc (important)
This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non...
Internet Bug Bounty: ldap_escape could produce string larger than 2Gb
https://bugs.php.net/bug.php?id=72975...
Complete Google Security Checkup, Get 2GB Extra Google Drive Space
Google has found an excellent idea to celebrate Safer Internet Day. The search engine giant is offering a nice perk for its users who complete a quick Security Checkup by February 17th. No doubt, it's willing to bribe us, but you probably should review your security settings anyway, and I loved...
unzip security update
CentOS Errata and Security Advisory CESA-2007:0203 Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from...
RHEL 4 : unzip (RHSA-2007:0203)
Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...
Low: Red Hat Security Advisory: unzip security and bug fix update
Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...
CentOS 3 / 4 : cpio (CESA-2005:378)
An updated cpio package that fixes multiple issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU cpio copies files into or out of a cpio or tar archive. A race condition bug was found in cpio. It is possible for a local...
Low: Red Hat Security Advisory: cpio security update
An updated cpio package that fixes multiple issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU cpio copies files into or out of a cpio or tar archive. A race condition bug was found in cpio. It is possible for a local...
Fedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373)
Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.6 - More upstream patches, including ones for bz157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks bz156162 CVE-1999-0710 cachemgr.cgi access control bypass - The following bugs had already been fixed, but the announcements were lost...