1157 matches found
golang: crypto/tls: lack of a limit on buffered post-handshake
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size...
PT-2023-9631 · Oracle +4 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.37 and prior MySQL Server versions 8.4.0 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of the Oracle MySQL Server system management database. This can...
Moderate: wireshark security update
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: RTPS dissector crash CVE-2023-0666 wireshark: VMS TCPIPtrace file parser crash CVE-2023-2856 wireshark: NetScaler file parser crash...
ALSA-2023:7015 Moderate: wireshark security update
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: RTPS dissector crash CVE-2023-0666 wireshark: VMS TCPIPtrace file parser crash CVE-2023-2856 wireshark: NetScaler file parser crash...
Moderate: Red Hat Security Advisory: wireshark security update
An update for wireshark is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: wireshark security update
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: RTPS dissector crash CVE-2023-0666 wireshark: IEEE C37.118 Synchrophasor dissector crash CVE-2023-0668 wireshark: Candump log file parser cra...
ALSA-2023:6469 Moderate: wireshark security update
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: RTPS dissector crash CVE-2023-0666 wireshark: IEEE C37.118 Synchrophasor dissector crash CVE-2023-0668 wireshark: Candump log file parser cra...
ROS-20231107-01
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
Ubuntu: Security Advisory (USN-6461-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
The vulnerability of the prog.cgi component in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-3040 wireless router software lies in the fact that the operation’s output escapes the buffer and is stored in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted HNAP...
CVE-2023-46752
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MPREACHNLRI data, leading to a crash...
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS, related to improper data cleaning in the SNMP configuration, allows a attacker to execute XSS attacks.
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS is related to improper data cleaning in the SNMP configuration. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Requisition and Vacancy component of the Oracle iRecruitment software platform, a part of the Oracle E-Business Suite, allows a malicious individual to gain access to read, modify, or delete data.
The vulnerability of the Requisition and Vacancy component of the Oracle iRecruitment software platform, a part of the Oracle E-Business Suite, involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data usin...
The vulnerability of the InnoDB component of the MySQL Database Server, which allows a hacker to cause a service failure
The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...
The vulnerability of the InnoDB component of the MySQL Database Server, which allows a hacker to cause a service failure
The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...
The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the Java VM component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data using the Oracle Net network protocol...
SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2023:4095-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4095-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixe...