CBL Mariner 2.0 Security Update: rpm (CVE-2021-35937)

The version of rpm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-35937 advisory. - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the...

The vulnerability of the UMA component in Google Chrome browser allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of Google Chrome’s UMA User Metrics Analysis component is related to the issue of operations going beyond the buffer in memory when processing HTML content. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of...

Low: gmp

Issue Overview: A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. CVE-2021-43618 Affected Packages: gmp Issue Correction: Run dnf update gmp...

Medium: python3.9

Issue Overview: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16,...

Medium: gstreamer1-plugins-base

Issue Overview: A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability. CVE-2021-3522 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to...

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2023-022)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-022 advisory. 2024-02-15: CVE-2021-20304 was added to this advisory. A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR...

CBL Mariner 2.0 Security Update: nss (CVE-2020-12403)

The version of nss installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-12403 advisory. - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using...

Memory corruption

OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...

CVE-2023-28096 OpenSIPS has memory leak in cJSON lib

OpenSIPS, a Session Initiation Protocol SIP server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parsemirequest while performing coverage-guided fuzzing. This issue can be reproduced by sending...

Ubuntu 16.04 ESM / 18.04 LTS : OpenJPEG vulnerabilities (USN-5952-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5952-1 advisory. Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

CVE-2023-25617

SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...

CVE-2023-27501 Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete...

PT-2023-21176 · Sap · Sap Netweaver As For Abap/Abap Platform

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791 Description: The issue allows an attacker to exploit insufficient validation of path information provided by users, th...

glob-parent: Regular Expression Denial of Service

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks, affecting system availability...

glob-parent: Regular Expression Denial of Service

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks, affecting system availability...

Oracle Linux 8 : python3 (ELSA-2023-0833)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0833 advisory. 3.6.8-48.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-48.1 - Security fixes for CVE-2020-10735, CVE-2021-28861 and...

K10429441: Linux kernel vulnerability CVE-2020-14331

Security Advisory Description A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VTRESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to t...

K67830124: Linux kernel ext3/ext4 file system vulnerability CVE-2020-14314

Security Advisory Description A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from...

K33101555: Nettle cryptography library vulnerability CVE-2021-20305

Security Advisory Description A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in...

K47306214: GNU Libmicrohttpd vulnerability CVE-2021-3466

Security Advisory Description A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the postprocessurlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from...