125 matches found
O-RAN RIC Security Vulnerability
O-RAN RIC is a RIC application from O-RAN. A security vulnerability exists in O-RAN RIC I-Release e2mgr that stems from a missing array size check in RicServiceUpdateHandler...
PT-2024-2624 · Nghttp2 +10
Name of the Vulnerable Software and Affected Versions: nghttp2 versions prior to 1.61.0. Description: The nghttp2 library keeps reading an unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync, causing excessive CPU usage to decode the HPACK...
PT-2024-3257 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.7; MediaWiki versions 1.40.x prior to 1.40.3; MediaWiki versions 1.41.x prior to 1.41.1. Description: An issue in the includes/specials/SpecialMovePage.php file of MediaWiki can lead to a denial of service. If a...
Ivanti Addresses Critical Vulnerability in Endpoint Manager
Summary: Ivanti addressed a critical vulnerability, CVE-2023-39336, in its Endpoint Management software, ensuring secure usage for its 40,000 worldwide customers. The flaw, resolved in version 2022 Service Update 5, posed a risk of pre-authenticated SQL injection and possibly Remote Code Injection ...
Important: postgresql15
Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...
Low: tar
Issue Overview: It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service. CVE-2023-39804 Affected Packages: tar Issue Correction: Run dnf update tar --releasever...
Important: grpc
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: grpc Issue Correction: Run dnf update grpc --releaseve...
Important: nghttp2
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nghttp2 Issue Correction: Run dnf update nghttp2...
Service Update 1.18 for Microsoft Dynamics CRM (on-premises) 9.1
Service Update 1.18 for Microsoft Dynamics CRM on-premises 9.1 Dynamics 365 Introduction Service Update 9.1.18 for Microsoft Dynamics CRM on-premises 9.1 is now available. This article describes the hotfixes and updates that are included in Service Update 9.1.18. More information Update package|...
Service Update 0.47 for Microsoft Dynamics 365 9.0
Service Update 0.47 for Microsoft Dynamics 365 9.0 Dynamics 365 Introduction Service Update 9.0.47 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.47. More information Update package| Version Numb...
Service Update 1.21 for Microsoft Dynamics CRM (on-premises) 9.1
Service Update 1.21 for Microsoft Dynamics CRM on-premises 9.1 Dynamics 365 Introduction Service Update 9.1.21 for Microsoft Dynamics CRM on-premises 9.1 is now available. This article describes the hotfixes and updates that are included in Service Update 9.1.21. More information Update package|...
Service Update 0.50 for Microsoft Dynamics CRM (on-premises) 9.0
Service Update 0.50 for Microsoft Dynamics CRM on-premises 9.0 Dynamics 365 Introduction Service Update 9.0.50 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.50. More information Update package|...
Service Update 0.49 for Microsoft Dynamics CRM (on-premises) 9.0
Service Update 0.49 for Microsoft Dynamics CRM on-premises 9.0 Dynamics 365 Introduction Service Update 9.0.49 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.49. More information Update package|...
Important: kernel
Issue Overview: KVM: arm64: Prevent unconditional donation of unmapped regions from the host NOTE: https://source.android.com/docs/security/bulletin/2023-08-01 NOTE: https://git.kernel.org/linus/09cce60bddd6461a93a5bf434265a47827d1bc6f CVE-2023-21264 A vulnerability was found due to a missing loc...
Medium: yasm
Issue Overview: Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. CVE-2023-37732 Affected Packages: yasm Issue Correction: Run dnf update yasm --releasever 2023.1.20230809 or d...
Medium: bluez
Issue Overview: A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. CVE-2022-0204 Affected Packages: bluez Issue Correction: Ru...
AgilePoint NX Path Traversal Vulnerability
AgilePoint NX is a cloud-based digital transformation platform from AgilePoint Japan that enables enterprise-class BPMS with no-code and low-code speed and agility. A security vulnerability exists in AgilePoint NX v8.0 SU2.2 and SU2.3 versions, which stems from a vulnerability that allows path...
PT-2023-19802 · Riot-Os
Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2022.10. Description: The issue affects the network stack of RIOT-OS, an operating system for Internet of Things devices, which can process 6LoWPAN frames. An attacker can send a crafted frame, resulting in a large ou...
Service Update 1.17 for Microsoft Dynamics CRM (on-premises) 9.1
Service Update 1.17 for Microsoft Dynamics CRM on-premises 9.1 Dynamics 365 Introduction Service Update 9.1.17 for Microsoft Dynamics CRM on-premises 9.1 is now available. This article describes the hotfixes and updates that are included in Service Update 9.1.17. More information Update package|...
Medium: dnsmasq
Issue Overview: A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq to potentially cause a denial of service. CVE-2022-0934 Affected Packages: dnsmasq Issue Correction: Run dnf update dnsmasq...