
630 matches found

Amazon
added 2023/05/03 12:0 a.m., 36 views

Medium: libwebp

Issue Overview: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2020-36330 A flaw was found in libwebp in versions...

CVSS 9.1, AI score 7.9, EPSS 0.02302
Exploits: 0

Tenable Nessus
added 2023/05/02 12:0 a.m., 28 views

Amazon Linux 2 : libwebp (ALAS-2023-2031)

The version of libwebp installed on the remote host is prior to 0.3.0-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2031 advisory. A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. T...

CVSS 9.1, AI score 7.3, EPSS 0.02302
Exploits: 0, References: 6

Amazon
added 2023/05/02 12:0 a.m., 63 views

Medium: libwebp

Issue Overview: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2020-36330 A flaw was found in libwebp in versions...

CVSS 9.1, AI score 7.9, EPSS 0.02302
Exploits: 0

Tenable Nessus
added 2023/04/14 12:0 a.m., 27 views

FreeBSD : py-ansible -- multiple vulnerabilities (e1b77733-a982-442e-8796-a200571bfcf2)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e1b77733-a982-442e-8796-a200571bfcf2 advisory. - A flaw was found in Ansible Base when using the awsssm connection plugin as garbage collecto...

CVSS 7.1, AI score 6.2, EPSS 0.00315
Exploits: 0, References: 5

RedHat Linux
added 2023/04/11 2:30 p.m., 4 views

haproxy: segfault DoS

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...

CVSS 6.5, AI score 6.6, EPSS 0.01834
Exploits: 0, References: 5

Vulnrichment
added 2023/04/03 1:19 p.m., 5 views

CVE-2023-28625 mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...

CVSS 7.5, AI score 7.4, EPSS 0.01327
Exploits: 0, References: 7

Vulnrichment
added 2023/03/14 5:4 a.m., 10 views

CVE-2023-27498 Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL)

SAP Host Agent SAPOSCOL - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...

CVSS 7.2, AI score 7.1, EPSS 0.00545
Exploits: 0, References: 2

RedHat Linux
added 2023/03/01 10:11 a.m., 2 views

haproxy: segfault DoS

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...

CVSS 6.5, AI score 6.6, EPSS 0.01834
Exploits: 0, References: 5

F5 Networks
added 2023/02/21 7:56 p.m., 47 views

K11542555: iApps vulnerability CVE-2020-17507

Security Advisory Description An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVE-2020-17507 Impact An unauthenticated remote attacker can trick an administrator into processing a large file wi...

CVSS 5.3, AI score 7.3, EPSS 0.03915
Exploits: 0, Affected Software: 14

F5 Networks
added 2023/02/21 6:35 p.m., 71 views

K14760551: Multiple libwebp vulnerabilities

Security Advisory Description CVE-2018-25009 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2018-25010 A flaw was...

CVSS 9.1, AI score 7.5, EPSS 0.02302
Exploits: 0

RedHat Linux
added 2023/02/21 6:14 p.m., 2 views

haproxy: segfault DoS

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...

CVSS 6.5, AI score 6.6, EPSS 0.01834
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 3:57 a.m., 3 views

SUSE CVE-2020-14393

A buffer overflow was found in perl-DBI 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data...

CVSS 8.4, AI score 7, EPSS 0.00602
Exploits: 0, References: 9

SUSE CVE
added 2023/02/15 3:50 a.m., 2 views

SUSE CVE-2020-36332

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability...

CVSS 7.5, AI score 8.7, EPSS 0.01966
Exploits: 0, References: 7

SUSE CVE
added 2023/02/15 3:49 a.m., 3 views

SUSE CVE-2021-3502

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...

CVSS 5.5, AI score 8.8, EPSS 0.00374
Exploits: 1, References: 3

OpenVAS
added 2023/01/09 12:0 a.m., 27 views

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2023-1067)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5, AI score 8.7, EPSS 0.01966
Exploits: 0, References: 2

BDU FSTEC
added 2022/11/22 12:0 a.m., 6 views

The vulnerability of open-source development environments for UEFI EDK2 stems from access control deficiencies. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of open-source development environments for UEFI EDK2 is related to lack of access control mechanisms. Exploiting this vulnerability allows attackers to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 7.8, AI score 7.2, EPSS 0.00416
Exploits: 0, References: 7, Affected Software: 3

Tenable Nessus
added 2022/11/15 12:0 a.m., 51 views

NewStart CGSL MAIN 6.02 : libwebp Multiple Vulnerabilities (NS-SA-2022-0091)

The remote NewStart CGSL host, running version MAIN 6.02, has libwebp packages installed that are affected by multiple vulnerabilities: - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16. CVE-2018-25009 - A heap-based buffer overflow was found in libwebp in...

CVSS 9.8, AI score 7.6, EPSS 0.02302
Exploits: 0, References: 17

Vulnrichment
added 2022/11/09 12:0 a.m., 4 views

CVE-2022-44547

The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability...

AI score 7.1, EPSS 0.00474
Exploits: 0, References: 2

RedHat Linux
added 2022/11/08 10:8 a.m., 5 views

unbound: integer overflow in the regional allocator via the ALIGN_UP macro

A flaw was found in unbound. An integer overflow in the regional allocator via the ALIGN_UP macro may lead to a buffer overflow if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...

CVSS 9.8, AI score 6, EPSS 0.01783
Exploits: 0, References: 4

RedhatCVE
added 2022/11/01 4:25 p.m., 100 views

CVE-2022-3638

A flaw was found in NGINX. There is a possible memory leak in ngx_resolver.c, which can affect service availability...

CVSS 5.9, AI score 3
Exploits: 0, References: 4