GHSA-8G9C-28FC-MCX2 Duplicate Advisory: Microsoft Identity Denial of service vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-59j7-ghrg-fj52. This link is maintained to preserve external references. Original Description Impact An attacker could exploit this vulnerability by crafting a malicious JSON Web Encryption JWE token with a high...

DEBIAN-CVE-2022-36764

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2023-0058)

The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat...

NewStart CGSL MAIN 6.06 : cairo Vulnerability (NS-SA-2023-0077)

The remote NewStart CGSL host, running version MAIN 6.06, has cairo packages installed that are affected by a vulnerability: - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's...

NewStart CGSL MAIN 6.06 : udisks2 Vulnerability (NS-SA-2023-0090)

The remote NewStart CGSL host, running version MAIN 6.06, has udisks2 packages installed that are affected by a vulnerability: - A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this...

CVE-2023-49083

A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "loadpempkcs7certificates" or "loadderpkcs7certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service DoS for any...

CVE-2023-49083

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service...

Null pointer dereference

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service...

GLSA-202311-08 : GNU Libmicrohttpd: Buffer Overflow Vulnerability

The remote host is affected by the vulnerability described in GLSA-202311-08 GNU Libmicrohttpd: Buffer Overflow Vulnerability - A flaw was found in libmicrohttpd. A missing bounds check in the postprocessurlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary...

GLSA-202311-16 : Open vSwitch: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202311-16 Open vSwitch: Multiple Vulnerabilities - A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially...

GNU Libmicrohttpd: Buffer Overflow Vulnerability

Background GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. GNU Libmicrohttpd is free software and part of the GNU project. Description A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd. Please review the CVE...

Medium: containerd

Issue Overview: A flaw was found in containerd. Access controls for the shim API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespa...

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code

A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...

kernel: perf: Fix perf_pending_task() UaF

A use-after-free vulnerability was found in the Linux kernel. It is possible for perfpendingtask to run after the event is free, resulting in a loss of system availability...

kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2020:4676)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4676 advisory. - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 - qemu/qemudriver.c in libvirt before 6.0.0...

Rocky Linux 8 : xorg-x11-server and xorg-x11-server-Xwayland (RLSA-2022:1917)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1917 advisory. - A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs...

Rocky Linux 9 : python3.9 (RLSA-2022:7323)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7323 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int...

BIT-2020-2574

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...