267 matches found

CNNVD
added 2023/12/04 12:0 a.m. · 3 views

IBM Db2 Input Validation Error Vulnerability

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from an input validation error vulnerability that stems from the susceptibility to...

CVSS 7.5 · AI score 6.9 · EPSS 0.0009
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/17 12:0 a.m. · 4 views

PT-2023-27011 · Unknown · Clusterpro X +3

Name of the Vulnerable Software and Affected Versions: CLUSTERPRO X versions 5.1 and earlier EXPRESSCLUSTER X versions 5.1 and earlier CLUSTERPRO X SingleServerSafe versions 5.1 and earlier EXPRESSCLUSTER X SingleServerSafe versions 5.1 and earlier Description: The issue allows an attacker to log...

CVSS 8.8 · AI score 8.6 · EPSS 0.00072
Exploits: 0 · References: 3

Amazon
added 2023/11/14 12:0 a.m. · 2 views

Important: ecs-init

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init...

CVSS 7.5 · AI score 8.5 · EPSS 0.0015
Exploits: 0

Amazon
added 2023/11/14 12:0 a.m. · 1 views

Low: ecs-init

Issue Overview: No CVE associated with this advisory Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init --releasever 2023.2.20231113 or dnf update --advisory ALAS2023-2023-434 --releasever 2023.2.20231113 to update your system. More information on how to update your system can ...

CVSS 7.5 · AI score 5.4 · EPSS 0.0015
Exploits: 0

Amazon
added 2023/11/01 12:0 a.m. · 2 views

Important: amazon-ecr-credential-helper

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: amazon-ecr-credential-helper Note: This advisory is...

CVSS 7.5 · AI score 6.9 · EPSS 0.0015
Exploits: 0

Amazon
added 2023/10/24 12:0 a.m. · 1 views

Medium: giflib

Issue Overview: giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. CVE-2023-39742 Affected Packages: giflib Issue Correction: Run dnf update giflib --releasever 2023.2.20231018 or dnf update --advisory ALAS2023-2023-386 --releasever 2023.2.20231018 to update...

CVSS 5.5 · AI score 5.9 · EPSS 0.00028
Exploits: 1

Amazon
added 2023/10/24 12:0 a.m. · 6 views

Medium: vim

Issue Overview: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. CVE-2023-5344 Affected Packages: vim Issue Correction: Run dnf update vim --releasever 2023.2.20231018 or dnf update --advisory ALAS2023-2023-378 --releasever 2023.2.20231018 to update your system. More...

CVSS 7.5 · AI score 6.8 · EPSS 0.00057
Exploits: 1

Rosalinux
added 2023/10/22 6:11 a.m. · 33 views

Advisory ROSA-SA-2023-2270

software: thrift 0.10.0 OS: ROSA-CHROME packageevrstring: thrift-0.10.0-18.src.rpm CVE-ID: CVE-2018-1320 BDU-ID: 2019-04255 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.thrift.transport.TSaslTransport class of the Apache Thrift interface description language is related to...

CVSS 7.5 · AI score 6.7 · EPSS 0.01194
Exploits: 0

Rosalinux
added 2023/10/21 4:53 p.m. · 30 views

Advisory ROSA-SA-2023-2259

software: libxpm 3.5.14 OS: ROSA-CHROME packageevrstring: libxpm-3.5.14-2.src.rpm CVE-ID: CVE-2022-44617 BDU-ID: 2023-00389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ParsePixels function of the X Pixmap image file library XPM libXpm is related to insufficient input validation. Exploitation...

CVSS 8.8 · AI score 9.1 · EPSS 0.00184
Exploits: 2

Amazon
added 2023/10/17 12:0 a.m. · 18 views

Important: nginx

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nginx Issue Correction: Run dnf update nginx...

CVSS 7.5 · AI score 7.5 · EPSS 0.94395
Exploits: 19

Amazon
added 2023/10/17 12:0 a.m. · 15 views

Important: nodejs

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nodejs Issue Correction: Run dnf update nodejs...

CVSS 7.5 · AI score 7.5 · EPSS 0.94395
Exploits: 19

Amazon
added 2023/10/05 12:0 a.m. · 13 views

Medium: mdadm

Issue Overview: Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-28736 Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc...

CVSS 6.7 · AI score 5.4 · EPSS 0.00034
Exploits: 0

Amazon
added 2023/10/03 12:0 a.m. · 2 views

Important: dotnet6.0

Issue Overview: Visual Studio Remote Code Execution Vulnerability CVE-2023-36792 Visual Studio Remote Code Execution Vulnerability CVE-2023-36793 Visual Studio Remote Code Execution Vulnerability CVE-2023-36794 Visual Studio Remote Code Execution Vulnerability CVE-2023-36796 .NET Core and Visual...

CVSS 7.8 · AI score 7.5 · EPSS 0.01162
Exploits: 0

Tenable Nessus
added 2023/09/27 12:0 a.m. · 18 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL11-2023-003)

The version of postgresql installed on the remote host is prior to 11.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL11-2023-003 advisory. A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let...

CVSS 8.8 · AI score 7.4 · EPSS 0.00641
Exploits: 0 · References: 6

Amazon
added 2023/09/07 12:0 a.m. · 3 views

Low: file

Issue Overview: File before 5.43 has a stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project. CVE-2022-48554 Affected Packages: file Issue Correction: Run dnf update file --releasever 2023.1.20230906 or dnf update --advisory ALAS2023-2023-333...

CVSS 5.5 · AI score 9.5 · EPSS 0.00023
Exploits: 1

Rosalinux
added 2023/09/05 12:16 p.m. · 32 views

Advisory ROSA-SA-2023-2230

Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...

CVSS 7.5 · AI score 7.1 · EPSS 0.00923
Exploits: 2

Rosalinux
added 2023/09/05 9:29 a.m. · 23 views

Advisory ROSA-SA-2023-2226

software: yara 4.3.1 OS: ROSA-CHROME packageevrstring: yara-4.3.1-1.src.rpm CVE-ID: CVE-2021-3402 BDU-ID: 2021-04875 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the YARA malware research and detection software is related to integer overflow. Exploitation of the vulnerability could allow an...

CVSS 9.1 · AI score 7 · EPSS 0.00468
Exploits: 1

Amazon
added 2023/08/25 12:0 a.m. · 2 views

Low: gawk

Issue Overview: A heap out-of-bounds read flaw was found in builtin.c in the gawk package which may result in a crash of the software. CVE-2023-4156 Affected Packages: gawk Issue Correction: Run dnf update gawk --releasever 2023.1.20230825 or dnf update --advisory ALAS2023-2023-292 --releasever...

CVSS 7.1 · AI score 6.3 · EPSS 0.00031
Exploits: 1

Amazon
added 2023/07/26 12:0 a.m. · 2 views

Medium: curl

Issue Overview: libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw risks inserting sensitive heap-based data into t...

CVSS 7.5 · AI score 6.9 · EPSS 0.00631
Exploits: 3

Rosalinux
added 2023/07/25 10:14 a.m. · 17 views

Advisory ROSA-SA-2023-2197

software: suricata 6.0.12 OS: ROSA-CHROME packageevrstring: suricata-6.0.12-1.src.rpm CVE-ID: CVE-2021-37592 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a TCP/IP stack created that can send a specific sequence of...

CVSS 9.8 · AI score 7 · EPSS 0.00404
Exploits: 1