567 matches found
CVE-2023-52527
In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in ip{,6}_append_data. Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) when appending to an IPv4 or IPv6...
avahi: Reachable assertion in avahi_dns_packet_append_record
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record...
OESA-2023-1812 avahi security update
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...
DEBIAN-CVE-2023-38469
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record...
ALPINE-CVE-2023-38469
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record...
AZL-34549 CVE-2023-38469 affecting package avahi for versions less than 0.8-4
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record...
PT-2023-6687
Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300. Description: An unsafe variable extraction issue exists in the bitrix/modules/main/classes/general/user_options.php file. This allows remote authenticated attackers to execute arbitrary code through two methods:...
PT-2023-31969 · WordPress · The Ai Chatbot For Wordpress
Name of the Vulnerable Software and Affected Versions: The AI ChatBot for WordPress versions up to, and including, 4.8.9; The AI ChatBot for WordPress version 4.9.2. Description: The issue allows subscriber-level attackers to perform Directory Traversal, potentially leading to a Denial of Service D...
PT-2023-36052 · Git +1 · Apache Poi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the java.base/java.util.Arrays.copyOf, java.base/java.lang.AbstractStringBuilder.ensureCapacityInterna...
PT-2023-9463 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to the handling of transhdrlen in the ip{,6}_append_data function. Including transhdrlen in the length is a problem when the packet is partially filled, as it can...
JerryScript Security Vulnerability
JerryScript is a lightweight JavaScript engine from the JerryScript project. A security vulnerability exists in JerryScript version 3.0 that originates from allowing remote attackers to execute arbitrary code via the ecma_stringbuilder_append_raw component in...
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
...
CVE-2023-36369
An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
Impact: during codegen, the length word of a dynarray is written before the data, which can result in OOB array access in the case where the dynarray is on both the LHS and RHS of an assignment. Here is a minimal example producing the issue: vyper a: DynArray[uint256, 3] @external def test() -...
Node.js: Regular Expression Denial of Service in Headers fetch API
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set() and Headers.append() methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...
PT-2023-9390 · Avahi +9 · Avahi +9
Name of the Vulnerable Software and Affected Versions: Avahi, affected versions not specified. Description: A vulnerability exists in Avahi due to a reachable assertion in the avahi_dns_packet_append_record function. This issue can be exploited to cause a denial of service. Recommendations: At the...
PT-2023-17831 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to an incorrect bounds check in the append_to_params function of param_util.c, which could lead to a possible out of bounds write. This might result in local escalation of privilege without...
PT-2023-17839 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to a possible out of bounds read in the append_camera_metadata function of camera_metadata.c due to a missing bounds check. This could lead to local information disclosure, requiring System...