Lucene search

7037 matches found

CVE
added 2023/07/14 5:43 p.m. · 53 views

CVE-2023-36840

Summary (CVE-2023-36840) A reachable-assertion vulnerability in Juniper’s Routing Protocol Daemon (RPD) on Junos OS and Junos OS Evolved can be exploited by a locally authenticated, low-privilege user when running a specific L2VPN command to cause a DoS (RPD crash/restart). Affected products/vers...

5.5 CVSS · 5.5 AI score · 0.00184 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/07/13 11:15 p.m. · 2 views

DEBIAN-CVE-2023-37836

libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

6.5 CVSS · 6.3 AI score · 0.0051 EPSS
Exploits: 1 · References: 1
UbuntuCve
added 2023/07/13 11:15 p.m. · 21 views

CVE-2023-37836

libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

6.5 CVSS · 6.6 AI score · 0.0051 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/07/13 12:0 a.m. · 5 views

PT-2023-26139 · Libjpeg +1 · Libjpeg +1

Name of the Vulnerable Software and Affected Versions: libjpeg (affected versions not specified). Description: A reachable assertion was discovered in libjpeg via BitMapHook::BitMapHook at bitmaphook.cpp, allowing attackers to cause a Denial of Service (DoS) via a crafted file. Recommendations: At the...

6.5 CVSS · 6 AI score · 0.0051 EPSS
Exploits: 1 · References: 10
Vulnrichment
added 2023/07/13 12:0 a.m. · 13 views

CVE-2023-37836

libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

6.9 AI score · 0.0051 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/07/13 12:0 a.m. · 16 views

CVE-2023-37836

libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

6.4 AI score · 0.0051 EPSS
Exploits: 1 · References: 1
CVE
added 2023/07/13 12:0 a.m. · 54 views

CVE-2023-37836

CVE-2023-37836 affects libjpeg due to a reachable assertion in BitMapHook::BitMapHook (bitmaphook.cpp) that can be triggered by a crafted file to cause a Denial of Service. The vulnerability relies on a specific commit (db33a6e) and is documented across multiple sources in the connected set; no v...

6.5 CVSS · 6.2 AI score · 0.0051 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Code423n4
added 2023/07/10 12:0 a.m. · 12 views

Invariants doesn't checked

Lines of code. Vulnerability details. Impact: Liquidity providers might lose their funds, because wellFunction can be arbitrary. Proof of Concept: I've asked publius about wellFunction, and he responded that anyone can create any wellFunction and pass it to the Well. So, let's consider for example...

6.7 AI score
Exploits: 0
Redos
added 2023/07/06 12:0 a.m. · 25 views

ROS-2-1199

2.1199 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

8.6 AI score · 0.83406 EPSS
Exploits: 0
Redos
added 2023/07/06 12:0 a.m. · 17 views

ROS-2-1567

2.1567 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

9.8 CVSS · 8.2 AI score · 0.83406 EPSS
Exploits: 0
Redos
added 2023/07/06 12:0 a.m. · 32 views

ROS-2-562

2.562 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

9.8 CVSS · 10 AI score · 0.83406 EPSS
Exploits: 0
Redos
added 2023/07/06 12:0 a.m. · 43 views

ROS-2-618

2.618 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

9.8 CVSS · 8.7 AI score · 0.83406 EPSS
Exploits: 0
Tenable Nessus
added 2023/07/06 12:0 a.m. · 48 views

Debian DSA-5448-1 : linux - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5448 advisory. - An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure with a dirty log journal...

9.8 CVSS · 7.2 AI score · 0.06127 EPSS
Exploits: 4 · References: 27
Tenable Nessus
added 2023/07/04 12:0 a.m. · 20 views

EulerOS 2.0 SP11 : libtiff (EulerOS-SA-2023-2274)

According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a double free or corruption in rotateImage at tiffcrop.c:8839 found in libtiff 4.4.0rc1 CVE-2022-2519 - A flaw was found in libtiff...

6.8 CVSS · 6.2 AI score · 0.00949 EPSS
Exploits: 13 · References: 14
BDU FSTEC
added 2023/06/28 12:0 a.m. · 5 views

The software for managing identities and access control in Keycloak has vulnerabilities. This vulnerability stems from the lack of name filtering during the generation of a 404 HTTP error page. As a result, attackers can execute any desired script.

The vulnerability of the Keycloak identity and access management software lies in the absence of name filtering during the generation of a 404 HTTP error page. As a result, the name of the non-existent webpage is passed unchanged to the generated error page. Exploiting this vulnerability allows a...

9.4 CVSS · 7 AI score · 0.00561 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
Amazon
added 2023/06/28 12:0 a.m. · 11 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred"), a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use TC...

7.8 CVSS · 6.6 AI score · 0.06127 EPSS
Exploits: 3
RedHat Linux
added 2023/06/27 6:52 p.m. · 25 views

RHSSO: XSS due to lax URI scheme validation

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri...

10 CVSS · 5.7 AI score · 0.00561 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2023/06/27 6:52 p.m. · 9 views

RHSSO: XSS due to lax URI scheme validation

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri...

10 CVSS · 5.7 AI score · 0.00561 EPSS
Exploits: 0 · References: 4
Rosalinux
added 2023/06/27 7:49 a.m. · 42 views

Advisory ROSA-SA-2023-2174

software: redis 7.0.11 OS: ROSA-CHROME packageevrstring: redis-7.0.11-1.src.rpm CVE-ID: CVE-2022-35977 BDU-ID: 2023-00695 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Redis database management system (DBMS) is related to integer overflow during object processing. Exploitation of the...

6.5 CVSS · 7.3 AI score · 0.69355 EPSS
Exploits: 1
Positive Technologies
added 2023/06/27 12:0 a.m. · 8 views

PT-2023-3319 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak versions affected versions not specified Description: The issue is related to a cross-site scripting (XSS) vulnerability in Keycloak, an open-source identity and access management solution. This vulnerability can be exploited by settin...

10 CVSS · 6.5 AI score · 0.00561 EPSS
Exploits: 0 · References: 10