6242 matches found
PT-2023-33060 · Unknown +1 · Ethereum Abi Decoder +1
Name of the Vulnerable Software and Affected Versions: Ethereum ABI decoder (affected versions not specified). Description: A potential denial-of-service (DoS) vector exists in the Ethereum ABI decoder due to the specification allowing zero-sized types (ZST). This can cause excessive resource consumptio...
Security Bulletin: Vulnerability in Golang Go affect IBM Cloud Pak System [CVE-2022-41723]
Summary: Vulnerability in Golang Go affects IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2022-41723. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, a remote attacker could exploit this...
The vulnerability of Squid’s chunked decoder allows a hacker to interact directly with the server.
The vulnerability of Squid’s chunked proxy server decoder is related to the way the server interprets fragmented encoding syntax. Exploiting this vulnerability allows a remote attacker to interact directly with the server...
Ubuntu: Security Advisory (USN-6500-1)
The remote host is missing an update for the...
USN-6500-1 squid vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. CVE-2023-46724 Joshua...
Oracle Linux 8 : container-tools:ol8 (ELSA-2023-6939)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6939 advisory. - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723...
The vulnerability of the Golang programming language decoder, related to excessive iteration, allows attackers to trigger a service failure.
The vulnerability of the Golang programming language decoder is related to excessive processing load on the processor during decoding. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of the Golang programming language decoder, related to the allocation of resources without limits or throttling, allows attackers to cause service failures.
The vulnerability of the Golang programming language decoder is related to the decoding of large amounts of compressed data, which consumes excessive memory and processing power. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
ROS-20231115-01
A vulnerability in the Squid proxy server allows a buffer overflow that writes up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Exploitation of the vulnerability could allow an attacker acting remotely to...
PT-2023-35601 · Git +1 · Libavc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details about the crash include the functions ih264d sev, ih264d parse fgc, and ih26...
Fedora 38 : podman-tui (2023-e359fd31d2)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e359fd31d2 advisory. podman-tui v0.12.0 + security fix for CVE-2023-39325 and CVE-2022-41717 and CVE-2022-41723 Tenable has extracted the preceding description block...
ROS-20231116-02
A vulnerability in the DecodeConfig component of the Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the decoder component of the Golang programming language...
Oracle Linux 9 : skopeo (ELSA-2023-6363)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6363 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
Oracle Linux 9 : buildah (ELSA-2023-6473)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6473 advisory. - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
Oracle Linux 9 : podman (ELSA-2023-6474)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6474 advisory. - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723...
PT-2023-9143 · Unknown +2 · Stb Vorbis.C +2
Name of the Vulnerable Software and Affected Versions: stb_vorbis.c version 1.22. Description: A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file ...
golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...
RHEL 8 : container-tools:rhel8 (RHSA-2023:6939)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6939 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml:...
OPENSUSE-SU-2023:0366-1 Security update for vlc
This update for vlc fixes the following issues: Update to version 3.0.20: + Video Output: - Fix green line in fullscreen in D3D11 video output - Fix crash with some AMD drivers old versions - Fix events propagation issue when double-clicking with mouse wheel + Decoders: - Fix crash when AV1...
Security update for vlc (moderate)
openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2023:0365-1 Rating: moderate References: Cross-References: CVE-2022-37434 CVE-2023-5217 CVSS scores: CVE-2022-37434 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37434 SUSE: 8.1...