vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

RUSTSEC-2024-0354 Usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

CLSA-2024-1721206996 poppler: Fix of CVE-2022-38784

CVE-2022-38784: fix integer overflow in JBIG2 decoder...

The vulnerability of the decodeComponents() function in the decode-uri-component decoder allows a attacker to cause a service failure.

The vulnerability of the decodeComponents function in the decode-uri-component decoder is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

RHEL 8 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic implementations of P-521 and P-384 elliptic curves allow for denial of service...

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go: encoding/xml: XML element instability CVE-2020-29511 - The x/text package before 0.3.3 for Go has a...

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

CVE-2024-21522

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder.decode or new OpusDecoder.decodeFloat functions it is not checked for negative values. This can lead to a process crash...

[SECURITY] Fedora 40 Update: jpegxl-0.8.3-1.fc40

This package contains a reference implementation of JPEG XL encoder and decoder...

PT-2024-18936 · Audify · Audify

Name of the Vulnerable Software and Affected Versions: audify versions all Description: The issue arises from improper validation of array index when frameSize is provided to the new OpusDecoder.decode or new OpusDecoder.decodeFloat functions, as it is not checked for negative values. This can le...

Potential memory exhaustion attack due to sparse slice deserialization

Details Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the...

The vulnerability of the dav1d decoder in iOS, iPadOS, visionOS, macOS, Fedora, and the Safari browser allows a hacker to execute arbitrary code.

The vulnerability of the dav1d decoder in iOS, iPadOS, visionOS, macOS, Fedora, and the Safari browser is related to a numerical overflow vulnerability. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)

Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...

PT-2024-30693

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns handling an invalid decoder vsi in the vpu dec init function to ensure the decoder vsi is valid for future use. This is related to the media: mediatek: vcodec componen...

SUSE CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address HPA the HDM decoder registers are programmed wi...

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

RHEL 6 : fetchmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - fetchmail: DoS crash in the base64 decoder upon server NTLM protocol exchange abort right after the initi...

RHEL 4 : nss (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nss: TOCTOU, potential use-after-free in libssl's session ticket processing MFSA 2014-12 CVE-2014-1490 -...

RHEL 5 : mingw-virt-viewer (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap buffer overflow in FLIC decoder CVE-2016-9636 - The qtdemuxtagaddstrfull...

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1785)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...