tcpdump 缓冲区错误漏洞

tcpdump is a set of sniffing tools from Tcpdump team running under command line. The tool is mainly used for packet analysis and network traffic capturing, among others. A security vulnerability exists in tcpdump version 4.99.3, which stems from an SMB protocol decoder that can perform...

CVE-2023-20684

In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069...

Amazon Linux AMI : python38 (ALAS-2023-1714)

The version of python38 installed on the remote host is prior to 3.8.5-1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1714 advisory. An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing...

Important: python38

Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...

Important: python27

Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...

Security Bulletin: CVE-2022-41723 may affect IBM CICS TX Standard

Summary CVE CVE-2022-41723 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Relevant Go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

SUSE: Security Advisory (SUSE-SU-2023:0677-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 37 : gmailctl (2023-ca444fdecf)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ca444fdecf advisory. Rebuild for CVE-20220-3064,41717,41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Fedora 36 : gmailctl (2023-abb47e24d8)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-abb47e24d8 advisory. Rebuild for CVE-20220-3064,41717,41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

ROS-20230322-01

A vulnerability in the HEIF and AVIF libheif file format decoder is related to the data parsing code of strided images in the emscripten wrapper for libheif. Exploitation of the vulnerability could allow an attacker acting remotely to use a specially crafted image file to cause a buffer overflow ...

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2023-104)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-104 advisory. Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non- default configuration. The Python multiprocessing library, when used with the forkserver...

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

Design/Logic Flaw

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decodercontext::processslicesegmentheader at decctx.cc...

PT-2023-2356 · Libde265 +5 · Libde265 +5

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.11 Description: The issue is related to a segmentation violation via the decoder context::process slice segment header function at decctx.cc. This vulnerability is associated with pointer dereference errors in the h.265...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:0735-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0735-1 advisory. - A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the...

CVE-2023-27102

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decodercontext::processslicesegmentheader at decctx.cc...

Libde265 代码问题漏洞

Libde265 is a German h.265 video codec. A security vulnerability exists in Libde265 version v1.0.11, which stems from a segmentation violation discovered via the decodercontext::processslicesegmentheader function in decctx.cc...