155 matches found
SUSE CVE-2016-6323
The makecontext function in the GNU C Library aka glibc or libc6 before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI 32-bit platforms, which might allow context-dependent attackers to cause a denial of service hang, as demonstrated by applications compiled using gccg...
SUSE CVE-2017-17913
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type...
RUSTSEC-2023-0028 buf_redux is Unmaintained
Last release was over three years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. The safety-undocumented unsafe in the...
The vulnerability of the EAP-pwd client implementation for Wi-Fi WPA Supplicant allows information disclosure due to incompatibility, enabling attackers to expose sensitive information.
The vulnerability of the EAP-pwd client implementation for Wi-Fi WPA Supplicant is related to the disclosure of information due to incompatibility. This vulnerability allows a malicious actor to disclose the protected information remotely...
The vulnerability of the SAE implementation for secure Wi-Fi access control software, WPA Supplicant, arises from information disclosure due to incompatibility. This allows attackers to expose the protected information.
The vulnerability of the SAE implementation for the Wi-Fi Protected Access Point’s WPA Supplicant is related to the disclosure of information due to incompatibility. This vulnerability allows a malicious actor to disclose the protected information remotely...
The vulnerability of the TLS implementation in Cisco Firepower Threat Defense’s microprogramming network interface devices allows attackers to gain unauthorized access to protected information.
The vulnerability of the TLS implementation in Cisco Firepower Threat Defense’s microprogramming network interface controllers is related to the disclosure of information due to incompatibility. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access...
Design/Logic Flaw
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapp...
The vulnerability of Intel microprogramming software, related to the disclosure of information through incompatibility, allows attackers to disclose protected information.
The vulnerability of Intel microprogramming software is related to the disclosure of information through incompatibility. Exploiting this vulnerability can allow an intruder to disclose the protected information...
Upgraded Q -> H from 104 [1656255316696]
Judge has assessed an item in Issue 104 as High risk. The relevant finding follows: L02: Incompatibility with ERC-4626 Line References Description The EIP-4626 specification requires that totalAssets to NOT revert, but the current implementation does so in the underlying methods: int256...
[SECURITY] Fedora 36 Update: python2.7-2.7.18-22.fc36
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...
GHSA-7MHC-PRGV-R3Q4 Access of Resource Using Incompatible Type in Hermes
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error,...
SUSE-SU-2021:3602-1 Security update for tomcat
This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in JNDI Realm queries bsc1188279. - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients bsc1188278. - CVE-2021-41079: Fixed a denial of service...
The vulnerability of the SysController and MailHandlerController components of the Redmine project and task management web application, related to the disclosure of information due to incompatibility, allows a hacker to gain access to confidential data.
The vulnerability of the SysController and MailHandlerController components in the Redmine project and task management web application is related to changes in the time required for string comparison operations. Exploiting this vulnerability could allow a malicious actor to gain access to...
RM: calibre/buster-backports -- ROM; no security support; bpo10s of a newer version are impossible
Dear Backports admins, I am requesting the removal of calibre from buster-backports, because it has no security support and because newer versions of Calibre depend on a newer Qt version that cannot be backported. I delayed this request until Bullseye was released, so that users would have a...
The vulnerability of the Linux operating system’s kernel, related to information disclosure through discrepancies, allows attackers to read a portion of the kernel’s memory.
The vulnerability of the Linux operating system’s kernel is related to the exposure of information through incompatibility. Exploiting this vulnerability allows an attacker to read a portion of the kernel’s memory...
The vulnerability of the Linux operating system’s kernel, related to the exposure of information through inconsistencies, allows attackers to obtain confidential information.
The vulnerability of the Linux operating system’s kernel is related to the exposure of information through incompatibility. Exploiting this vulnerability can allow an attacker to obtain confidential information...
The vulnerability of Intel microprogramming software, related to the disclosure of information through incompatibility, allows attackers to disclose protected information.
The vulnerability of Intel microprogramming software is related to the disclosure of information through incompatibility. Exploiting this vulnerability can allow an attacker to disclose the protected information...
Incompatibility with deflationary / fee-on-transfer tokens
Handle cmichel Vulnerability details Vulnerability Details The DInterest.deposit function takes a depositAmount parameter but this parameter is not the actual transferred amount for fee-on-transfer / deflationary or other rebasing tokens. Impact The actual deposited amount might be lower than the...
SUSE: Security Advisory (SUSE-SU-2017:2616-1)
The remote host is missing an update for the...