RHEL 8 : squid:4 (RHSA-2024:1479)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1479 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Denial of Service in...

macOS 14.x < 14.4.1 (HT214096)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.4.1. It is, therefore, affected by a vulnerability: - An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We...

macOS 13.x < 13.6.6 (HT214095)

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.6. It is, therefore, affected by a vulnerability: - An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We...

Updated python python3 packages fix security vulnerabilities

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

[SECURITY] Fedora 40 Update: dav1d-1.4.0-1.fc40

dav1d is a new AV1 cross-platform Decoder, open-source, and focused on speed and correctness...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : dav1d (SUSE-SU-2024:0964-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0964-1 advisory. - An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. Thi...

Oracle Linux 8 : squid:4 (ELSA-2024-1375)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1375 advisory. - Resolves: RHEL-19551 - squid:4/squid: denial of service in HTTP request parsing CVE-2023-50269 - Resolves: RHEL-28611 - squid:4/squid: Denial of...

Oracle Linux 9 : squid (ELSA-2024-1376)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1376 advisory. - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing CVE-2023-50269 - Resolves: RHEL-28614 - squid: Denial of Service in HTTP...

PT-2024-22685 · Ibm · Qiskit Ibm Runtime

Name of the Vulnerable Software and Affected Versions: Qiskit IBM Runtime versions 0.1.0 through 0.21.1 Description: The issue concerns the deserialization of JSON data using qiskit ibm runtime.RuntimeDecoder, which can lead to arbitrary code execution given a correctly formatted input string. Th...

RHEL 8 : squid:4 (RHSA-2024:1375)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1375 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: deni...

The vulnerability of the HttpStateData() function in the Chunked decoder of the Squid proxy server allows a hacker to induce a service failure.

The vulnerability of the HttpStateData function in the Chunked decoder of the Squid proxy server is related to buffer overflows in the stack due to uncontrolled recursion during HTTP message processing. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

Squid Denial of Service Vulnerability (CNVD-2024-13541)

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A denial of service vulnerability exists in Squid that stems from the presence of a recursion error, which can be...

DEBIAN-CVE-2023-52491

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtkjpegdecdevicerun In mtkjpegprobe, &jpeg-jobtimeoutwork is bound with mtkjpegjobtimeoutwork. In mtkjpegdecdevicerun, if error happens in mtkjpegsetdecdst, it...

UBUNTU-CVE-2023-52491

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtkjpegdecdevicerun In mtkjpegprobe, &jpeg-jobtimeoutwork is bound with mtkjpegjobtimeoutwork. In mtkjpegdecdevicerun, if error happens in mtkjpegsetdecdst, it...

CVE-2024-0050

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Android Security Vulnerability

Google Android is a Linux-based open-source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which stems from a missing validation check in the getConfig method of the SoftVideoDecoderOMXComponent.cpp file, which may result in an...

SUSE CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...

Fedora: Security Advisory for jorbis (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: jorbis-0.0.17-34.fc40

JOrbis is a pure Java Ogg Vorbis decoder...

AZL-42511 CVE-2024-25111 affecting package squid 5.7-5

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...