Important: rclone
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723). Affected Packages: rclone. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run y...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.3.5 security update
Red Hat OpenShift Service Mesh 2.3.5 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.8 security update
Red Hat OpenShift Service Mesh 2.2.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
CVE-2023-24480
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning...
Stack overflow
Controller DoS due to stack overflow when decoding a message from the server...
CVE-2023-24480
CVE-2023-24480 describes a DoS caused by a stack overflow when decoding a server message in Honeywell Experion PKS, LX, and PlantCruise. Connected sources indicate the vulnerability can be exploited remotely (low attack complexity) and affect Honeywell products; Honeywell’s advisory notes upgradi...
CVE-2023-24480 Controller stack overflow when decoding messages from the server
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning...
Honeywell Products buffer error vulnerability
Honeywell Products is a family of products from Honeywell USA. Honeywell Products suffers from a buffer error vulnerability that originates from a stack overflow when decoding a message from a server, resulting in a controller DoS...
golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...
USN-6208-1 golang-websocket vulnerability
It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service...
CVE-2022-48512
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally...
Design/Logic Flaw
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally...
CVE-2022-48512
CVE-2022-48512 is a Use-After-Free (UAF) vulnerability in the Vdecoderservice component used by Huawei HarmonyOS/EMUI and related platforms. The issue, if exploited, may cause the image decoding feature to behave abnormally. Public documentation among the connected records confirms Vdecoderservic...
CVE-2023-35790
An issue was discovered in decpatchdictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop...
ROS-2-1481
2.1481 Multiple vulnerabilities in libwebp. 1. Vulnerability Description: CVE-2020-36332: A vulnerability in the libwebp library for encoding and decoding WebP images is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
Milesight UR32L uhttpd login buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1697: Milesight UR32L uhttpd login buffer overflow vulnerability. July 6, 2023. CVE Number: CVE-2023-23902. Summary: A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead ...