Oracle Linux 9 : podman (ELSA-2023-6474)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6474 advisory. - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723...
PT-2023-9143 · Unknown +2 · stb_vorbis.c +2
Name of the Vulnerable Software and Affected Versions: stb_vorbis.c version 1.22 Description: A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file ...
golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...
RHEL 8 : container-tools:rhel8 (RHSA-2023:6939)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6939 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml:...
OPENSUSE-SU-2023:0366-1 Security update for vlc
This update for vlc fixes the following issues: Update to version 3.0.20: + Video Output: - Fix green line in fullscreen in D3D11 video output - Fix crash with some AMD drivers old versions - Fix events propagation issue when double-clicking with mouse wheel + Decoders: - Fix crash when AV1...
Security update for vlc (moderate)
openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2023:0365-1 Rating: moderate References: Cross-References: CVE-2022-37434 CVE-2023-5217 CVSS scores: CVE-2022-37434 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37434 SUSE: 8.1...
squid: Request/Response smuggling in HTTP/1.1 and ICAP
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
python: CPU denial of service via inefficient IDNA decoder
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...
Rocky Linux 8 : container-tools:rhel8 (RLSA-2020:4694)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4694 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters...
Fedora 39 : pypy (2023-5460cf6dfb)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5460cf6dfb advisory. Security fix for CVE-2022-45061 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
CVE-2023-32818
In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715...
CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
AZL-31905 CVE-2023-46846 affecting package squid 5.7-5
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
Malicious code in transaction-decoder (npm)
Source: ghsa-malware 588e3ae64f6791e490455f6c01512f655440e86bb808155dc3a0ece45f77b016. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-9005 · Artifex +2 · Jbig2Dec +2
Name of the Vulnerable Software and Affected Versions: Artifex Software jbig2dec version 0.20 Description: The issue is related to the incorrect initialization of a resource in the jbig2 error function of the jbig2.c file in the Jbig2dec decoder for the JBIG2 image compression format. This can be...
ROS-20231030-04
The HPACK decoder vulnerability is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting locally to cause a denial of service...
SUSE CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
Amazon Linux AMI : amazon-ssm-agent (ALAS-2023-1866)
The version of amazon-ssm-agent installed on the remote host is prior to 3.2.1705.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1866 advisory. 2023-10-30: CVE-2023-24540 was added to this advisory. The x/crypto/ssh package before...
SUSE CVE-2023-45680
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit it tries to...