[SECURITY] Fedora 33 Update: python-impacket-0.9.22-3.fc33

Impacket is a collection of Python classes focused on providing access to network packets. Impacket allows Python developers to craft and decode netw ork packets in simple and consistent manner. It is highly effective when used in conjunction with a packet capture utility or package such as Pcapy...

PYSEC-2021-542

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...

[SECURITY] Fedora 32 Update: libopenmpt-0.4.20-1.fc32

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

Fedora: Security Advisory for libopenmpt (FEDORA-2021-9d4ea81052)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Path traversal

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

PT-2021-18238 · Hedgedoc · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc affected versions not specified Description: The issue is related to an improper input validation in HedgeDoc, allowing an attacker to perform a relative path traversal and read arbitrary .md files from the server's filesystem. This...

SUSE: Security Advisory (SUSE-SU-2016:0727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:1518-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:1383-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OSV-2021-646 Heap-use-after-free in std::__1::__tree_iterator<std::__1::__value_type<std::__1::basic_string<char, st

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33315 Crash type: Heap-use-after-free READ 8 Crash state: std::1::treeiteratorstd::1::valuetypestd::1::basicstringchar, st draco::Metadata::AddSubMetadata draco::MetadataDecoder::DecodeMetadata...

Denial Of Service (DoS)

Nanopb is vulnerable to denial of service. Decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer...

EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-1729)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.CVE-2020-5313 - An out-of-bounds write flaw was...

openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action

Open vSwitch aka openvswitch has a use-after-free in decodeNXASTRAWENCAP called from ofpactdecode and ofpactsdecode during the decoding of a RAWENCAP action...

Authorization Before Parsing and Canonicalization in jetty

Release 9.4.37 introduced a more precise implementation of RFC3986 with regards to URI decoding, together with some new compliance modes to optionally allow support of some URI that may have ambiguous interpretation within the Servlet specified API methods behaviours. The default mode allowed %...

GHSA-V7FF-8WCX-GMC5 Authorization Before Parsing and Canonicalization in jetty

Release 9.4.37 introduced a more precise implementation of RFC3986 with regards to URI decoding, together with some new compliance modes to optionally allow support of some URI that may have ambiguous interpretation within the Servlet specified API methods behaviours. The default mode allowed %...

CVE-2021-24026

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write...

CVE-2021-24026

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write...

Out-of-bounds

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write...

CVE-2021-24026

CVE-2021-24026 is a high-severity remote code execution flaw in WhatsApp’s audio decoding pipeline. A missing bounds check in the audio decoding path could allow an out-of-bounds write when processing calls, affecting WhatsApp for Android (pre-2.21.3) and WhatsApp Business for Android (pre-2.21.3...

CVE-2021-24026

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write...