64 matches found
CVE-2023-42459 Malformed DATA submessage leads to bad-free error in Fast-DDS
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free could...
Debian: Security Advisory (DSA-5481-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-39945
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0,...
Heap overflow
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...
CVE-2023-39949 Improper validation of sequence numbers leading to remotely reachable assertion failure
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions...
CVE-2023-39946
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...
CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier
Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...
Debian: Security Advisory (DLA-231-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-google-jsonnet-0.17.0-6.fc36
This an implementation of Jsonnet in pure Go. It is feature complete but is n ot as heavily exercised as the Jsonnet C++ implementation. Please try it out and give feedback...
[SECURITY] Fedora 35 Update: golang-github-google-jsonnet-0.17.0-5.fc35
This an implementation of Jsonnet in pure Go. It is feature complete but is n ot as heavily exercised as the Jsonnet C++ implementation. Please try it out and give feedback...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013 C implementation of the infamous Apache 2.4.50...
Dulwich Buffer Overflow when handling pack files
Buffer overflow in the C implementation of the applydelta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...
GHSA-VJJF-3RVG-GV3V Dulwich Buffer Overflow when handling pack files
Buffer overflow in the C implementation of the applydelta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...
Exploit for Incorrect Authorization in Polkit_Project Polkit
PolicyKit CVE-2021-3560 Exploitation Authentication Agent ====...
json-c security and bug fix update
An update is available for json-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list JSON-C implements a reference counting object model that allows users to easil...
Debian DSA-4887-1 : lib3mf - security update
A use-after-free was discovered in Lib3MF, a C++ implementation of the 3D Manufacturing Format, which could result in the execution of arbitrary code if a malformed file is opened. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools
New and improved C Implementation of Invoke-EDRChecker. Checks running processes, process metadata, Dlls loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for...
Fedora: Security Advisory for libpri (FEDORA-2020-2f1ef40a96)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 32 Update: libpri-1.6.0-9.fc32
libpri is a C implementation of the Primary Rate ISDN specification. It was based on the Bellcore specification SR-NWT-002343 for National ISDN. As of May 12, 2001, it has been tested work to with NI-2, Nortel DMS-100, and Lucent 5E Custom protocols on switches from Nortel and Lucent...
[SECURITY] Fedora 33 Update: libpri-1.6.0-9.fc33
libpri is a C implementation of the Primary Rate ISDN specification. It was based on the Bellcore specification SR-NWT-002343 for National ISDN. As of May 12, 2001, it has been tested work to with NI-2, Nortel DMS-100, and Lucent 5E Custom protocols on switches from Nortel and Lucent...