
796 matches found

OSV
added 2022/05/03 3:47 a.m. · 28 views

GHSA-JMHJ-VH4Q-HHMQ tkvideo has a memory issue in playing videos

Huge memory consumption even when playing small files. This issue has been patched in 2.0.0. Please upgrade to version 2.0.0 or above...

CVSS 4.3 · AI score 4.1 · EPSS 0.00149
Exploits 0 · References 5
Positive Technologies
added 2022/04/15 12:0 a.m. · 3 views

PT-2022-12157 · Fis +3 · Fis Gt.M +3

Name of the Vulnerable Software and Affected Versions: FIS GT.M versions through V7.0-000 Description: An issue allows attackers to cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value, leading to a segmentation fault and crashin...

CVSS 7.5 · AI score 7.5 · EPSS 0.00291
Exploits 0 · References 29
OSV
added 2022/03/18 12:1 a.m. · 19 views

GHSA-VRCC-G6VJ-MH5W Denial of service in go-ethereum

Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go...

CVSS 7.5 · AI score 7.3 · EPSS 0.00433
Exploits 1 · References 2
OSV
added 2022/03/17 7:10 p.m. · 4 views

USN-5333-2 apache2 vulnerabilities

USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote...

CVSS 9.8 · AI score 7.3 · EPSS 0.60552
Exploits 0 · References 5
CNNVD
added 2022/03/16 12:0 a.m. · 2 views

Ethereum Go-ethereum security vulnerability

Ethereum Go-ethereum is a codebase from the Ethereum community that implements the Ethereum protocol in the Go language. A security vulnerability exists in Ethereum Go-ethereum version 1.10.9 that stems from missing memory in the component /ethash/algorithm.go. The vulnerability allows an attacker...

CVSS 7.5 · AI score 7.1 · EPSS 0.00433
Exploits 1 · References 3
Positive Technologies
added 2022/03/14 12:0 a.m. · 1 views

PT-2022-15565 · Apple · Ipados +6

Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 15.4 Apple iOS versions prior to 15.4 Apple iPadOS versions prior to 15.4 Apple iTunes versions prior to 12.12.3 for Windows Apple watchOS versions prior to 8.5 Apple macOS Monterey versions prior to 12.3...

CVSS 7.8 · AI score 6.5 · EPSS 0.00285
Exploits 0 · References 8
Oracle linux
added 2022/02/28 12:0 a.m. · 72 views

Unbreakable Enterprise kernel-container security update

4.14.35-2047.511.5.2.el7 - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755] 4.14.35-2047.511.5.1 - arm64, mm, efi: Account for GICv3 LPI tables in stat...

CVSS 7.8 · AI score 8.5 · EPSS 0.27223
Exploits 16
BDU FSTEC
added 2022/02/22 12:0 a.m. · 1 views

The vulnerability of the Omnibox address bars in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.

The vulnerability of the Omnibox address bar in Google Chrome and Microsoft Edge is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...

CVSS 10 · AI score 8.1 · EPSS 0.00901
Exploits 0 · References 11 · Affected Software 6
Vulnrichment
added 2022/02/21 2:30 p.m. · 9 views

CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and wri...

AI score 8.8 · EPSS 0.35695
Exploits 1 · References 5
OSV
added 2022/02/04 4:38 p.m. · 2 views

USN-5258-1 weechat vulnerabilities

Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. CVE-2021-40516 Stuart Nevans Locke discovered that WeeChat insecurely handled...

CVSS 9.8 · AI score 7.2 · EPSS 0.09662
Exploits 1 · References 6
Debian CVE
added 2022/02/03 11:52 a.m. · 2 views

CVE-2022-23567

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or CHECK-fails when building new TensorShape objects (so, assert failures based denial...

CVSS 6.5 · AI score 6.9 · EPSS 0.0045
Exploits 1
OSV
added 2022/01/01 5:15 a.m. · 1 views

AZL-33641 CVE-2021-44716 affecting package rook for versions less than 1.6.2-19

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

CVSS 7.5 · AI score 6.6 · EPSS 0.00088
Exploits 0 · References 1
CVE
added 2021/12/26 9:50 p.m. · 55 views

CVE-2021-45694

The CVE-2021-45694 issue affects the Rust rdiff crate, with vulnerability described as a window may read from uninitialized memory locations. Multiple connected records (OSV entries, GitHub advisory GHSA- codes, CNVD/CNNVD, NVD, and RustSec references) corroborate that the defect involves reading...

CVSS 7.5 · AI score 7.3 · EPSS 0.00285
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2021/12/20 12:0 a.m. · 3 views

PT-2024-7106 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the KVM (Kernel-based Virtual Machine) component of the Linux kernel, specifically with the x86/mmu (Memory Management Unit) module. The problem arises when the...

CVSS 7.8 · AI score 6.6 · EPSS 0.00223
Exploits 7 · References 1091
Positive Technologies
added 2021/12/16 12:0 a.m. · 5 views

PT-2021-6102 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v5.16-rc5 Description: The issue is related to the check_alu_op function in kernel/bpf/verifier.c, which did not properly update bounds while handling the mov32 instruction. This allows local users to obtain...

CVSS 9.8 · AI score 7.7 · EPSS 0.72624
Exploits 201 · References 1436
OSV
added 2021/12/15 2:29 p.m. · 3 views

CLSA-2021-1639578578 Fixed CVEs in vim: CVE-2021-3974, CVE-2021-4019, CVE-2021-3973, CVE-2021-4069, CVE-2021-3984

CVE-2021-3974: fix using freed memory with regexp using a mark - CVE-2021-3984: fix illegal memory access when C-indenting - CVE-2021-3973: fix crash when using CTRL-W f without finding a file name - CVE-2021-4019: fix buffer overflow with long help argument - CVE-2021-4069: fix using freed...

CVSS 9.3 · AI score 7.3 · EPSS 0.00358
Exploits 5 · References 1
OSV
added 2021/11/30 7:15 p.m. · 0 views

UBUNTU-CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

CVSS 6.5 · AI score 6.6 · EPSS 0.00571
Exploits 0 · References 3
Tenable Nessus
added 2021/11/17 12:0 a.m. · 27 views

EulerOS Virtualization 2.9.0 : libssh (EulerOS-SA-2021-2787)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime...

CVSS 6.5 · AI score 6.2 · EPSS 0.00108
Exploits 0 · References 2
Tenable Nessus
added 2021/11/11 12:0 a.m. · 16 views

EulerOS 2.0 SP9 : libssh (EulerOS-SA-2021-2691)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session...

CVSS 6.5 · AI score 6.3 · EPSS 0.00108
Exploits 0 · References 2
Cvelist
added 2021/11/10 11:22 a.m. · 12 views

CVE-2021-34598 Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

CVSS 7.5 · AI score 7.8 · EPSS 0.00268
Exploits 0 · References 1