Microsoft’s Response to CVE-2022-22965 Spring Framework

Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded servic...

Microsoft’s Response to CVE-2022-22965 Spring Framework

Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded servic...

Microsoft’s Response to CVE-2022-22965 Spring Framework

Summary Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degrade...

EulerOS 2.0 SP5 : libwebp (EulerOS-SA-2022-1275)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat fr...

CVE-2021-22489

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability...

CVE-2021-22489

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability...

Design/Logic Flaw

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability...

CVE-2021-22489

Technical details about CVE-2021-22489 are not publicly provided in the supplied documents. Information is limited to a generic DoS description; monitor for updates from Red Hat, NVD, ENISA/EUVD and related vendors.

CVE-2021-22489

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability...

EulerOS 2.0 SP3 : libwebp (EulerOS-SA-2022-1176)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat fr...

openldap: assertion failure in CSN normalization with invalid input

A flaw was found in OpenLDAP. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23. The highest threat from this vulnerability is to system availability...

unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet

A flaw was found in unbound. A reachable assertion in the dnamepktcopy function can be triggered by sending invalid packets to the server. The highest threat from this vulnerability is to service availability...

unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write

A flaw was found in unbound. An integer overflow in the sldnsstr2wirednamebuforigin function may lead to a buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...

unbound: out-of-bounds write via a compressed name in rdata_copy

A flaw was found in unbound. An out-of-bounds write in the rdatacopy function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...

unbound: out-of-bounds write in sldns_bget_token_par

A flaw was found in unbound. An out-of-bounds write in the sldnsbgettokenpar function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...

unbound: infinite loop via a compressed name in dname_pkt_copy

A flaw was found in unbound. An infinite loop in dnamepktcopy function could be triggered by a remote attacker. The highest threat from this vulnerability is to service availability...

unbound: assertion failure via a compressed name in dname_pkt_copy

A flaw was found in unbound. A reachable assertion in the dnamepktcopy function can be triggered through compressed names. The highest threat from this vulnerability is to service availability...

Security Bulletin: CVE-2021-42771

Summary A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest...

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2022-1130)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.6.0 : libwebp (EulerOS-SA-2022-1081)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat...