Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.
Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerabl...
Infinite Loop
github.com/envoyproxy/envoy is vulnerable to an Infinite Loop. The vulnerability is caused when handling Brotli-compressed data with extra input, which causes the system to consume excessive resources and potentially become unresponsive to legitimate traffic. An attacker can exploit this with a...
The vulnerability of the inflate_buffer() function in the QEMU VNC server, which allows an attacker to cause a service failure
The vulnerability of the inflate_buffer() function in the QEMU VNC server is related to an incorrect exit condition, which leads to an infinite loop during buffer inflation using zlib. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
GO-2024-2880 Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop in github.com/traefik/traefik
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop in github.com/traefik/traefik...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
SUSE CVE-2024-35825
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds sometim...
PT-2024-25023 · Unknown · Envoyproxy
Name of the Vulnerable Software and Affected Versions: Envoyproxy affected versions not specified Description: The issue arises when Envoyproxy, equipped with a Brotli filter, encounters an endless loop during the decompression of Brotli data that contains extra input. This can occur in Envoy, a...
RHEL 6 : libxtst (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXtst: Insufficient validation of server responses result in Integer overflows CVE-2016-7951 - X.org...
RHEL 8 : file-type (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - file-type: a malformed MKV file could cause the file type detector to get caught in an infinite loop CVE-2022-36313...
RHEL 9 : pcre2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pcre2: negative repeat value in a pcre2test subject line leads to infinite loop CVE-2022-41409 Note that Nessus ha...
RHEL 8 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: Command-line arguments may overwrite global data CVE-2021-38297 - In archive/zip in Go before...
RHEL 8 : gd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gd: Information disclosure in gdImageCreateFromXbm CVE-2019-11038 - gd_gif_in.c in the GD Graphics Library...
RHEL 8 : libsass (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libsass: Infinite loop in Sass::Inspect::operator function resulting in a denial of service CVE-2018-19826 Note tha...
RHEL 7 : soundtouch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - soundtouch: Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock potentially...
RHEL 8 : xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - QEMU: infinite loop in xhci_ring_chain_length in hw/usb/hcd-xhci.c CVE-2020-14394 Note that Nessus has not tested for...
RHEL 6 : commons-compress (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file CVE-2024-25710 Note that...
RHEL 8 : 8.2_qemu-kvm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - QEMU: vhost-user-gpu: out-of-bounds write in virgl_cmd_get_capset CVE-2021-3546 - hw/net/e1000e_core.c in QEM...
RHEL 7 : qpdf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpdf: stack exhaustion in QPDFObjectHandle and QPDFDictionary classes in libqpdf.a CVE-2018-9918 - An iss...
RHEL 7 : byacc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - byacc: malloc incorrectly accessing released memory leads to use after free CVE-2021-33641 - When a file ...