Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1249)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-22315
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
MGASA-2023-0008 Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.88 and fixes at least the following security issues: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the...
CVE-2023-21837
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle...
GSD-2023-1000369 net: hsr: Fix potential use-after-free
net: hsr: Fix potential use-after-free This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.301 by commit...
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
...
CVE-2022-46173 Elrond go Processing: fallback search of SCRs when not found in the main cache
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...
The vulnerability of the Home Network Administration Protocol (HNAP) implementation in D-Link DIR-1935 router firmware allows a hacker to circumvent security restrictions.
The vulnerability of the Home Network Administration Protocol (HNAP) implementation in D-Link DIR-1935 router firmware is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...
Moderate: Red Hat Security Advisory: xmlrpc-c security update
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: xmlrpc-c security update
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document,...
OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...
Microsoft Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Microsoft Windows Point-to-Point Tunneling Protocol (PPTP) is a network protocol from Microsoft Corporation that allows secure transmission of data from a remote client to a private enterprise server by creating a virtual private network (VPN) over a TCP/IP-based data network. A remote code execution...
ISC DHCP Security Vulnerability
ISC DHCP is a set of open source Dynamic Host Configuration Protocol server software from ISC. ISC DHCP has a buffer overflow vulnerability that stems from the lack of validation of the DHCP server's system for the length of DHCP packets tagged with fqdn, which can be exploited by attackers to...
USN-5650-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2021-33655 It was...
The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the TCP/IP protocol implementation in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-007)
The version of kernel installed on the remote host is prior to 5.15.59-33.133. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-007 advisory. An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a...
PT-2022-4787 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The vulnerability is related to errors in handling input data in the implementation of the TCP/IP protocol in Windows operating systems. This issue allows a remote attacker to execute...
CVE-2022-36061
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B...
CVE-2022-36061 Elrond go can execute on same context checks in VM
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B...