KLA73914 DoS vulnerability in Wireshark

Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2024-10 · SPRT dissector cras Related products Wireshark CVE list CVE-2024-8645 warning Solution Update to the latest version Download...

NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2024-0053)

The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities: - A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously...

NewStart CGSL MAIN 6.02 : rpm Multiple Vulnerabilities (NS-SA-2024-0052)

The remote NewStart CGSL host, running version MAIN 6.02, has rpm packages installed that are affected by multiple vulnerabilities: - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly...

NewStart CGSL MAIN 6.02 : libjpeg-turbo Vulnerability (NS-SA-2024-0051)

The remote NewStart CGSL host, running version MAIN 6.02, has libjpeg-turbo packages installed that are affected by a vulnerability: - A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to ...

NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2024-0052)

The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities: - The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG,...

NewStart CGSL MAIN 6.02 : c-ares Multiple Vulnerabilities (NS-SA-2024-0066)

The remote NewStart CGSL host, running version MAIN 6.02, has c-ares packages installed that are affected by multiple vulnerabilities: - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnam...

NewStart CGSL MAIN 6.02 : vim Multiple Vulnerabilities (NS-SA-2024-0065)

The remote NewStart CGSL host, running version MAIN 6.02, has vim packages installed that are affected by multiple vulnerabilities: - A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The...

ROS-20240827-05

The Unbound DNS server vulnerability is related to the ability of a process outside of the unbound group to reconfigure the of the unbound execution environment. Exploitation of the vulnerability allows an attacker acting remotely to impact the integrity and availability of the system. Impact the...

CVE-2024-45049

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

PT-2024-31400 · Nixos · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra affected versions not specified Description: Hydra is a Continuous Integration service for Nix-based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can...

The vulnerability of the pm8001_exec_internal_tmf_task() function in the PMC-Sierra SPC 8001 SAS/SATA kernel of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the pm8001execinternaltmftask function in the drivers/scsi/pm8001/pm8001sas.c file of the PMC-Sierra SPC 8001 SAS/SATA kernel for the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

The vulnerability of the ocelot_vlan_del() function in the network adapter driver of Microsemi’s operating system Linux allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the ocelotvlandel function in the drivers/net/ethernet/mscc/ocelot.c file of the Microsemi network adapter driver for the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the...

CVE-2024-40873

CVE-2024-40873 affects Absolute Secure Access prior to version 13.07, specifically the Secure Access administrative console. The vulnerability is a cross-site scripting issue where attackers with system administrator permissions can interfere with another admin’s publishing UI while editing the s...

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

...

CVE-2023-40704

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity...

Denial Of Service

kibana is vulnerable to Denial Of Service. The vulnerability is due to the runsoon API allowing view-only users to execute alerting rules continuously, potentially impacting system availability if the alerting rules involve complex queries. An attacker can exploit this to degrade system performan...

CBL Mariner 2.0 Security Update: kernel (CVE-2020-27815)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-27815 advisory. - A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the abili...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-073)

The version of kernel installed on the remote host is prior to 5.4.149-73.259. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-073 advisory. A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, t...