5318 matches found
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-2207)
The remote host is missing an update for the Huawei EulerOS...
FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm
A use of a broken or risky cryptographic algorithm CWE-327 in FortiSIEM may allow a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...
OESA-2023-1339 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to...
CVE-2020-36724
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user-supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the functio...
WordPress Plugin Wordable Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2023-2066)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - When doing HTTPS transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when...
Security Bulletin: Vulnerabilities in Python below 3.9.16 affecting IBM Spectrum Protect Plus and its application agents for IBM Db2 and MongoDb2 using python.
Summary CVEID: CVE-2022-45061. An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of...
FreeBSD : OpenSSL -- Possible DoS translating ASN.1 identifiers (eb9a3c57-ff9e-11ed-a0d1-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb9a3c57-ff9e-11ed-a0d1-84a93843eb75 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may...
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
UBUNTU-CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
DEBIAN-CVE-2023-1667
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...
CVE-2023-1667
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...
Null pointer dereference
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...
EntropyReducer - Reduce Entropy And Obfuscate Your Payload With Serialized Linked Lists
EntropyReducer: Reduce The Entropy Of Your Payload And Obfuscate It With Serialized Linked Lists. How Does It Work: EntropyReducer algorithm is determined by BUFFSIZE and NULLBYTES values. The following is how would EntropyReducer organize your payload if BUFFSIZE was set to 4, and NULLBYTES to 2...
CVE-2023-1667
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...
CVE-2023-1667
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...
Oracle Linux 8 : python38:3.8 / and / python38-devel:3.8 (ELSA-2023-2763)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2763 advisory. - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 34...
Denial Of Services (DoS)
libssh.so is vulnerable to Denial Of Services (DoS). The vulnerability exists due to a null pointer dereference during rekeying with algorithm guessing, which allows an attacker to cause an application crash when the client initiates rekeying with the first_kex_packet_follows flag in the KEXINIT messa...
Updated libssh packages fix security vulnerability
Potential NULL dereference during rekeying with algorithm guessing (CVE-2023-1667). Authorization bypass in pki_verify_data_signature (CVE-2023-2283)...
AlmaLinux 8 : python27:2.7 (ALSA-2023:2860)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2860 advisory. Python: CPU denial of service via inefficient IDNA decoder CVE-2022-45061 Tenable has extracted the preceding description block directly from the AlmaLinux securit...