6239 matches found

Tenable Nessus
added 2023/11/07 12:0 a.m. · 15 views

Fedora 39 : pypy (2023-5460cf6dfb)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5460cf6dfb advisory. Security fix for CVE-2022-45061 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.5 CVSS · 7.1 AI score · 0.0013 EPSS
Exploits 1 · References 2

OSV
added 2023/11/06 4:15 a.m. · 2 views

CVE-2023-32818

In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715...

6.7 CVSS · 5.9 AI score · 0.00026 EPSS
Exploits 0 · References 1

NVD
added 2023/11/03 8:15 a.m. · 25 views

CVE-2023-46846

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3 CVSS · 9.1 AI score · 0.09581 EPSS
Exploits 0 · References 16

OSV
added 2023/11/03 8:15 a.m. · 4 views

AZL-31905 CVE-2023-46846 affecting package squid 5.7-5

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

5.3 CVSS · 6.8 AI score · 0.09581 EPSS
Exploits 0 · References 1

Debian CVE
added 2023/11/03 7:33 a.m. · 52 views

CVE-2023-46846

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3 CVSS · 7.4 AI score · 0.09581 EPSS
Exploits 0

OSSF Malicious Packages
added 2023/11/01 4:7 p.m. · 3 views

Malicious code in transaction-decoder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 588e3ae64f6791e490455f6c01512f655440e86bb808155dc3a0ece45f77b016 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/10/31 12:0 a.m. · 3 views

PT-2023-9005 · Artifex +2 · Jbig2Dec +2

Name of the Vulnerable Software and Affected Versions: Artifex Software jbig2dec version 0.20 Description: The issue is related to the incorrect initialization of a resource in the jbig2 error function of the jbig2.c file in the Jbig2dec decoder for the JBIG2 image compression format. This can be...

7.8 CVSS · 6.6 AI score · 0.00054 EPSS
Exploits 1 · References 16

Redos
added 2023/10/30 12:0 a.m. · 32 views

ROS-20231030-04

The HPACK decoder vulnerability is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting locally to cause a denial of service...

7.5 CVSS · 7 AI score · 0.00264 EPSS
Exploits 0

SUSE CVE
added 2023/10/28 1:1 a.m. · 1 views

SUSE CVE-2023-46846

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

5.9 CVSS · 6.9 AI score · 0.09581 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2023/10/25 12:0 a.m. · 43 views

Amazon Linux AMI : amazon-ssm-agent (ALAS-2023-1866)

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.1705.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1866 advisory. 2023-10-30: CVE-2023-24540 was added to this advisory. The x/crypto/ssh package before...

9.8 CVSS · 7.4 AI score · 0.00759 EPSS
Exploits 0 · References 10

SUSE CVE
added 2023/10/24 12:59 a.m. · 0 views

SUSE CVE-2023-45680

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, the f-commentlist is set to NULL, but f-commentlistlength is not reset. Later in vorbisdeinit it tries to...

5.3 CVSS · 6.8 AI score · 0.00022 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/10/24 12:0 a.m. · 3 views

PT-2023-32951 · Php · Php

Name of the Vulnerable Software and Affected Versions: Base64 Encoder/Decoder WordPress plugin versions 0.9.2 and earlier PHP versions prior to 8.0.30 PHP versions prior to 8.1.22 PHP versions prior to 8.2.8 Description: The issue concerns a lack of CSRF check in the Base64 Encoder/Decoder...

5.5 CVSS · 6.3 AI score · 0.00151 EPSS
Exploits 2 · References 6

Tenable Nessus
added 2023/10/24 12:0 a.m. · 29 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2023-388)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-388 advisory. The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. CVE-2021-43565 A broken cryptographic algorithm flaw was foun...

9.8 CVSS · 7.3 AI score · 0.00759 EPSS
Exploits 0 · References 18

OpenVAS
added 2023/10/23 12:0 a.m. · 20 views

Squid Request/Response Smuggling Vulnerability (GHSA-j83v-w3p4-5cqh, SQUID-2023:1)

Squid is prone to a request/response smuggling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...

9.3 CVSS · 6.2 AI score · 0.09581 EPSS
Exploits 0 · References 1

Snyk
added 2023/10/21 12:51 a.m. · 1 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the startdecoder function, an attacker can execute arbitrary code by exploiting an integer overflow that leads to memory write past an allocated heap buffer. This is due to the potential integer overflow in...

7.8 CVSS · 7.8 AI score · 0.00049 EPSS
Exploits 0 · References 2

Snyk
added 2023/10/21 12:50 a.m. · 2 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the startdecoder function, an attacker can trigger memory allocation failure with a specially crafted file. This causes the function to return early, leaving some pointers in f-commentlist initialized. Later, setupfree is...

7.8 CVSS · 7.2 AI score · 0.0005 EPSS
Exploits 0 · References 2

Snyk
added 2023/10/21 12:50 a.m. · 2 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write when processing ogg vorbis files with the f-vendorlen = char'\0'; function. An attacker can trigger an out-of-bounds write by crafting a file that causes the len read in startdecoder to be -1, and len + 1 to become 0...

7.8 CVSS · 7 AI score · 0.00087 EPSS
Exploits 0 · References 2

Snyk
added 2023/10/21 12:50 a.m. · 1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference when the startdecoder function processes a specially crafted file, it may trigger a memory allocation failure. An attacker can cause a denial of service by exploiting this failure. This is because the function...

5.5 CVSS · 6.8 AI score · 0.00022 EPSS
Exploits 0 · References 2

OSV
added 2023/10/21 12:15 a.m. · 3 views

DEBIAN-CVE-2023-45678

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...

7.8 CVSS · 7.2 AI score · 0.00122 EPSS
Exploits 0 · References 1

OSV
added 2023/10/21 12:15 a.m. · 1 views

DEBIAN-CVE-2023-45680

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, the f-commentlist is set to NULL, but f-commentlistlength is not reset. Later in vorbisdeinit it tries to...

5.5 CVSS · 5.5 AI score · 0.00022 EPSS
Exploits 0 · References 1