CLSA-2022-1669237735 python2: Fix of CVE-2022-45061

CVE-2022-45061: Fix quadratic time idna decoding - fix tests to be compatible with expat 2.2.5...

CLSA-2022-1669237532 python3: Fix of CVE-2022-45061

CVE-2022-45061: Fix quadratic time idna decoding...

python: Fix of CVE-2022-45061

CVE-2022-45061: Fix quadratic time idna decoding - fix tests to be compatible with expat 2.0.1-tuxcare.els...

CLSA-2022-1669236630 python: Fix of CVE-2022-45061

CVE-2022-45061: Fix quadratic time idna decoding - fix tests to be compatible with expat 2.0.1-tuxcare.els...

openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action

Open vSwitch aka openvswitch has a use-after-free in decodeNXASTRAWENCAP called from ofpactdecode and ofpactsdecode during the decoding of a RAWENCAP action...

SUSE: Security Advisory (SUSE-SU-2022:4071-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:4071-1 Security update for python39

This update for python39 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method bsc1204886. - CVE-2022-45061: Fixed a quadratic IDNA decoding time bsc1205244. Other fixes: - Allow building of documentation wit...

CVE-2022-39317 Out of bounds read in zgfx decoder in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in versio...

Cisco Secure Email Gateway Malware Detection Evasion Vulnerability

Cisco Secure Email Gateways, formerly known as Cisco Ironport Email Security Appliances, that are configured to detect malicious email attachments, can easily be circumvented. A remote attacker can leverage error tolerance and different MIME decoding capabilities of email clients, compared with t...

SUSE-SU-2022:4004-1 Security update for python310

This update for python310 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method bsc1204886. - CVE-2022-45061: Fixed a quadratic IDNA decoding time bsc1205244. Other fixes: - allow building of documentation wi...

Cisco Secure Email Gateway Malware Detection Evasion

This report is being published within a coordinated disclosure procedure. The researcher has been in contact with the vendor but not received a satisfactory response within a given time frame. As the attack complexity is low and exploits have already been published by a third party there must be ...

GO-2022-1098 Denial of service in message decoding in github.com/btcsuite/btcd

Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd before 0.15.2-beta to sync...

USN-5688-1 libksba vulnerability

It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service application crash or possibly execute arbitrary code...

Important: runc

Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...

MediaTek 芯片安全漏洞

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them hitting the market around the world...

Nextcloud: Secure view trivial to bypass

The secure view feature in Nextcloud was vulnerable to bypassing, allowing users to download files without watermarks. This was possible by using the richdocuments app and adding "/contents" to the URL. The checkbox indicating that downloading is not allowed was misleading, and a solution could b...

UBUNTU-CVE-2022-3266

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVE-2022-3266

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...