libIEC61850 Security Vulnerabilities

libIEC61850 is an open source library for the IEC 61850 protocol open source by MZ Automation. A security vulnerability exists in libIEC61850 version v1.5, which originates from a heap overflow contained in the BerEncoderencodeLength function in /asn1/berencoder.c. The vulnerability is caused by...

Zendframework Potential XSS or HTML Injection vector in Zend_Json

ZendJsonEncoder was not taking into account the solidus character / during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON string...

Fedora: Security Advisory for rust-rav1e (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2020-27823

A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

SUSE CVE-2020-27824

A flaw was found in OpenJPEG's encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

RHEL 4 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Memory corruption in the ASN.1 encoder CVE-2016-2108 - Rejected reason: DO NOT USE THIS CANDIDAT...

[SECURITY] Fedora 39 Update: rust-rav1e-0.7.1-2.fc39

The fastest and safest AV1 encoder...

Internet Bug Bounty: CVE-2024-32760 in nginx

CVE-2024-32760 was discovered in the HTTP/3 QUIC module of NGINX Plus and NGINX OSS. When the module was configured, undisclosed HTTP/3 encoder instructions could cause NGINX worker processes to terminate or experience other potential impact...

CVE-2024-32760

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 encoder instructions can trigger an out-of-bounds write error, causing worker processes to crash, leading to a denial of service or other potential impacts. Mitigation Mitigation for this issue is either not available or the...

PT-2024-40340 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...

PT-2024-40376 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...

ALPINE-CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

The vulnerability of the `vidtv_s302m_encoder_init()` function in the `drivers/media/test-drivers/vidtv/vidtv_s302m.c` file of the Vidtv driver for the Linux operating system, which allows a hacker to cause a service failure.

The vulnerability of the vidtvs302mencoderinit function in the drivers/media/test-drivers/vidtv/vidtvs302m.c file of the Vidtv driver for the Linux operating system is related to the lack of code checks for the vzalloc function’s return value. Exploiting this vulnerability could allow an attacker...

Fedora: Security Advisory for rust-rav1e (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-rav1e-0.7.1-2.fc40

The fastest and safest AV1 encoder...

ALSA-2024:3095 Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fixes: vorbis-tools: Buffer Overflow vulnerability CVE-2023-43361...

CVE-2021-47316 nfsd: fix NULL dereference in nfs3svc_encode_getaclres

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svcencodegetaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and dreallyispositivedentry, but that looks like overkill to me--zero status should ...