EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2023-1896)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows...

RHEL 8 : poppler (RHSA-2023:2810)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2810 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: integer overflow in JBIG2...

CentOS 8 : python27:2.7 (CESA-2023:2860)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2860 advisory. - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decode...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1869)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

RHEL 9 : poppler (RHSA-2023:2259)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2259 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: integer overflow in JBIG2...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

CVE-2023-2617 OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference

A vulnerability classified as problematic was found in OpenCV wechatqrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decodedbitstreamparser.cpp. The manipulation leads to null pointer dereference. The...

kernel: cxl/port: Hold port reference until decoder release

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold port reference until decoder release KASAN + DEBUGKOBJECTRELEASE reports a potential use-after-free in cxldecoderrelease where it goes to reference its parent, a cxlport, to free its id back to port-decoderida. BUG...

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

freerdp: undefined behaviour in zgfx decoder

An out-of-bounds read vulnerability was discovered in FreeRDP due to missing a range check for input offset index in the ZGFX decoder. A malicious server can trick a FreeRDP based client to read out-of-bound data and try to decode it, resulting in a crash...

freerdp: out of bounds read in zgfx decoder

An out-of-bounds read vulnerability was found in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out-of-bound data and try to decode it. This will result in a crash, causing a denial of service...

Moderate: Red Hat Security Advisory: poppler security and bug fix update

An update for poppler is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

poppler: integer overflow in JBIG2 decoder using malformed files

An integer overflow issue was discovered in Popplers' JBIG2 decoder in the JBIG2Stream::readTextRegionSeg function in JBIGStream.cc file. This flaw allows an attacker to trick a user into opening a malformed PDF file or JBIG2 image in the application, triggering an integer overflow, which could...

ALSA-2023:2259 Moderate: poppler security and bug fix update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: integer overflow in JBIG2 decoder using malformed files CVE-2022-38784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

Moderate: poppler security and bug fix update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: integer overflow in JBIG2 decoder using malformed files CVE-2022-38784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

Prototype Pollution

@aedart/support is vulnerable to Prototype Pollution. The vulnerability exists in the resolveMetadataRecord function of meta.ts when merged with a base class metadata object in the meta decoder, which allows an attacker to inject properties into existing prototypes via the MetadataRecord attribut...

[SECURITY] Fedora 36 Update: libheif-1.15.2-1.fc36

libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...

[SECURITY] Fedora 38 Update: libheif-1.15.2-1.fc38

libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...

Security Bulletin: Multiple vulnerabilities in golang affect IBM Db2® REST

Summary IBM Db2® REST is affected by multiple vulnerabilities found in Golang Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, a remote attacker could exploi...