
5231 matches found

Oracle Linux
added 2021/11/24 12:0 a.m. · 86 views

krb5 security update

1.15.1-51.0.1 - Add recursion limit for ASN.1 indefinite lengths Orabug: 32582360
1.15.1-51 - Fix KDC null deref on TGS inner body null server CVE-2021-37750 - Resolves: 1997599...

CVSS 6.5 · AI score 7.3 · EPSS 0.00716
Exploits 0

OSV
added 2021/11/19 5:15 p.m. · 2 views

AZL-7416 CVE-2021-39929 affecting package wireshark for versions less than 3.4.14-1

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...

CVSS 7.5 · AI score 6.9 · EPSS 0.00663
Exploits 1 · References 1

Prion
added 2021/11/19 5:15 p.m. · 28 views

Design/Logic Flaw

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...

CVSS 5 · AI score 7.4 · EPSS 0.00663
Exploits 1 · References 8 · Affected Software 3

CVE
added 2021/11/19 12:0 a.m. · 149 views

CVE-2021-39929

CVE-2021-39929 affects the Bluetooth DHT dissector in Wireshark, causing Denial of Service via packet injections or crafted capture files for Wireshark 3.4.0–3.4.9 and 3.2.0–3.2.17 due to uncontrolled recursion. Remediation is upgrading Wireshark to a fixed version (e.g., 3.4.10+ per Debian/Alt L...

CVSS 7.5 · AI score 7.4 · EPSS 0.00663
Exploits 1 · References 8 · Affected Software 1

Positive Technologies
added 2021/11/17 12:0 a.m. · 2 views

PT-2021-5595 · Wireshark +5

Name of the Vulnerable Software and Affected Versions:
Wireshark versions 3.2.0 through 3.2.17
Wireshark versions 3.4.0 through 3.4.9

Description: The issue is caused by uncontrolled recursion in the Bluetooth DHT dissector. This can be exploited by a remote attacker to cause a denial of service ...

CVSS 9.8 · AI score 6.7 · EPSS 0.04599
Exploits 32 · References 176

RedHat Linux
added 2021/11/09 6:33 p.m. · 6 views

edk2: unlimited FV recursion, round 2

A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 · AI score 7.3 · EPSS 0.00118
Exploits 1 · References 4

OSV
added 2021/11/05 11:15 p.m. · 0 views

PYSEC-2021-820

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVSS 5.5 · AI score 6.2 · EPSS 0.00043
Exploits 0 · References 2

PyPA
added 2021/11/05 11:15 p.m. · 4 views

PYSEC-2021-820

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVSS 5.5 · AI score 7 · EPSS 0.00043
Exploits 0 · References 2 · Affected Software 1

OSV
added 2021/11/05 11:15 p.m. · 1 views

PYSEC-2021-405

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVSS 5.5 · AI score 6.2 · EPSS 0.00043
Exploits 0 · References 2

PyPA
added 2021/11/05 11:15 p.m. · 4 views

PYSEC-2021-622

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVSS 5.5 · AI score 7 · EPSS 0.00043
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2021/11/05 12:0 a.m. · 3 views

Google TensorFlow Resource Management Error Vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A resource management error vulnerability exists in Google TensorFlow, which stems from the fact that when two tf.function-modified Python functions recurse on each other, the code behind the tf.functio...

CVSS 5.5 · AI score 5.7 · EPSS 0.00043
Exploits 0 · References 4

BDU FSTEC
added 2021/11/02 12:0 a.m. · 2 views

The vulnerability of the sorting function in the library for viewing, creating, and editing DjVu files, related to an uncontrolled recursion, allows a hacker to cause service failures.

The vulnerability of the sorting function in the library for viewing, creating, and editing DjVu files in DjVuLibre is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.1 · EPSS 0.00645
Exploits 1 · References 9 · Affected Software 3

Tenable Nessus
added 2021/10/28 12:0 a.m. · 35 views

F5 Networks BIG-IP : cURL vulnerability (K61186963)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by a vulnerability as referenced in the K61186963 advisory. curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP...

CVSS 7.5 · AI score 6.9 · EPSS 0.00742
Exploits 1 · References 2

Tenable Nessus
added 2021/10/28 12:0 a.m. · 27 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2021-0095)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allo...

CVSS 7.5 · AI score 7 · EPSS 0.01643
Exploits 5 · References 13

BDU FSTEC
added 2021/10/27 12:0 a.m. · 1 views

The vulnerability of the ati-vga hardware emulation component in QEMU, related to uncontrolled recursion, allows a hacker to trigger a service failure.

The vulnerability of the ati-vga hardware emulation component in QEMU is related to an uncontrolled recursion. Exploiting this vulnerability can allow an attacker to cause a system failure...

CVSS 6 · EPSS 0.00074
Exploits 0 · References 7 · Affected Software 3

Code423n4
added 2021/10/27 12:0 a.m. · 9 views

UniswapV2/SushiwapLPAdapter update the wrong token

Handle: cmichel
Vulnerability details: The UniswapV2LPAdapter/SushiswapV2LPAdapter.update function retrieves the underlying from the LP token pair asset but then calls router.update(asset, proof), which is the LP token itself again. This will end up with the router calling this function again...

AI score 6.8
Exploits 0

Tenable Nessus
added 2021/10/27 12:0 a.m. · 33 views

NewStart CGSL MAIN 6.02 : binutils Multiple Vulnerabilities (NS-SA-2021-0122)

The remote NewStart CGSL host, running version MAIN 6.02, has binutils packages installed that are affected by multiple vulnerabilities: - find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a...

CVSS 7.8 · AI score 6.9 · EPSS 0.01079
Exploits 3 · References 7

Tenable Nessus
added 2021/10/27 12:0 a.m. · 23 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : libcroco Vulnerability (NS-SA-2021-0160)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libcroco packages installed that are affected by a vulnerability: - libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. (CVE-2020-12825) Note that Nessus has n...

CVSS 7.1 · AI score 6.6 · EPSS 0.04749
Exploits 1 · References 3

Tenable Nessus
added 2021/10/27 12:0 a.m. · 41 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Multiple Vulnerabilities (NS-SA-2021-0137)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bind packages installed that are affected by multiple vulnerabilities: - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, throu...

CVSS 8.6 · AI score 6.7 · EPSS 0.92629
Exploits 6 · References 5

ICS
added 2021/10/21 12:0 a.m. · 45 views

ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendors: ICONICS, Mitsubishi Electric
Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64
Vulnerability: Uncontrolled Recursion

2. RISK EVALUATION
Successful exploitation of this vulnerability could...

CVSS 7.5 · AI score 7.8 · EPSS 0.00222
Exploits 0 · References 5