4065 matches found
openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow
A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service...
BIT-GOLANG-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024)
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...
sqlite: heap-buffer-overflow at sessionfuzz
A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur...
IBM Sterling Connect:Express for UNIX 缓冲区错误漏洞
IBM Sterling Connect:Express for UNIX is a file transfer solution for the UNIX platform from International Business Machines IBM. A buffer overflow vulnerability exists in IBM Sterling Connect:Express for UNIX version 1.5.0, which originates from the program's failure to properly validate the...
Mozilla: Out-of-bounds memory read in networking channels
The Mozilla Foundation Security Advisory describes this flaw as: When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read...
CVE-2024-23305
An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...
mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
mysql: InnoDB unspecified vulnerability (CPU Apr 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
golang: cmd/go: Protocol Fallback when fetching modules
A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available...
CVE-2024-25980
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...
gimp: PSD buffer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...
dotnet6.0 security update
6.0.127-1.0.1 - Update to .NET SDK 6.0.127 and Runtime 6.0.27...
SUSE CVE-2024-25447
An issue in the imlibloadimagewitherrorreturn function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image...
JSS: memory leak in TLS connection leads to OOM
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service...
SUSE CVE-2024-1283
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
PT-2024-17034 · Snow · Snow Software Inventory Agent
Name of the Vulnerable Software and Affected Versions: Snow Software Inventory Agent on Unix versions through 7.3.1 Description: The issue is related to an Improper Verification of Cryptographic Signature vulnerability, which allows File Manipulation through Snow Update Packages. Recommendations:...
SUSE CVE-2024-22667
Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions...