7037 matches found

Positive Technologies
added 2023/04/26 12:00 a.m. · 1 view

PT-2023-9394 · Avahi +9

Name of the Vulnerable Software and Affected Versions: Avahi; affected versions not specified. Description: A vulnerability exists in the Avahi service discovery system, related to a reachable assertion in the dbus set host name function. This issue can be exploited to cause a denial of service...

7.8 CVSS · 6.8 AI score · 0.0045 EPSS
Exploits 1 · References 108

Positive Technologies
added 2023/04/26 12:00 a.m. · 2 views

PT-2023-9390 · Avahi +9

Name of the Vulnerable Software and Affected Versions: Avahi; affected versions not specified. Description: A vulnerability exists in Avahi due to a reachable assertion in the avahi dns packet append record function. This issue can be exploited to cause a denial of service. Recommendations: At the...

7.8 CVSS · 6.8 AI score · 0.0045 EPSS
Exploits 1 · References 115

Positive Technologies
added 2023/04/25 12:00 a.m. · 3 views

PT-2023-7434 · Avahi +9

Name of the Vulnerable Software and Affected Versions: Avahi; affected versions not specified. Description: A vulnerability exists in the avahi rdata parse function of Avahi, which is related to a reachable assertion. This issue can be exploited by an attacker to cause a denial of service...

7.8 CVSS · 6.8 AI score · 0.0045 EPSS
Exploits 1 · References 104

Tenable Nessus
added 2023/04/21 12:00 a.m. · 25 views

Fedora 38 : frr (2023-77d00facd0)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-77d00facd0 advisory. New version 8.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

7.5 CVSS · 7.3 AI score · 0.01624 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2023/04/21 12:00 a.m. · 25 views

Fedora 36 : frr (2023-14ec79ae02)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-14ec79ae02 advisory. New version 8.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

7.5 CVSS · 7.3 AI score · 0.01624 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2023/04/20 12:00 a.m. · 4 views

The vulnerability of the BIND DNS server arises from improper validation of assertions, which leads to incomplete cleanup. This allows attackers to perform a denial-of-service attack.

The vulnerability of the BIND DNS server relates to the possibility of exploiting certain vulnerabilities during DNS query processing. Exploiting this vulnerability allows a malicious actor to send repetitive request patterns to servers with enabled DNSSEC-Validated Cache synth-from-dnssec,...

7.8 CVSS · 6.5 AI score · 0.0325 EPSS
Exploits 0 · References 6 · Affected Software 2

Tenable Nessus
added 2023/04/14 12:00 a.m. · 22 views

FreeBSD : py-tensorflow -- denial of service vulnerability (ae132c6c-d716-11ed-956f-7054d21a9e2a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ae132c6c-d716-11ed-956f-7054d21a9e2a advisory. - TensorFlow is an open source platform for machine learning. The implementation of...

7.5 CVSS · 7.3 AI score · 0.00441 EPSS
Exploits 0 · References 5

OSV
added 2023/04/12 12:00 a.m. · 5 views

UBUNTU-CVE-2023-29536

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for...

8.8 CVSS · 7.1 AI score · 0.00702 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2023/04/11 12:00 a.m. · 31 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : openldap Multiple Vulnerabilities (NS-SA-2023-0016)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openldap packages installed that are affected by multiple vulnerabilities: - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger ...

7.5 CVSS · 7.3 AI score · 0.02858 EPSS
Exploits 0 · References 5

RedhatCVE
added 2023/04/04 7:43 p.m. · 38 views

CVE-2022-36440

A reachable assertion flaw was found in Frrouting frr-bgpd in the peekforas4capability function. This flaw allows an attacker to maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in a denial of service...

7.5 CVSS · 7 AI score · 0.01624 EPSS
Exploits 1 · References 3

UbuntuCve
added 2023/04/03 4:15 p.m. · 32 views

CVE-2022-36440

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peekforas4capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS...

7.5 CVSS · 7 AI score · 0.01624 EPSS
Exploits 1 · References 2

Prion
added 2023/04/03 4:15 p.m. · 19 views

Authentication flaw

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peekforas4capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS...

5 CVSS · 7.2 AI score · 0.01624 EPSS
Exploits 1 · References 7 · Affected Software 3

Cvelist
added 2023/04/03 12:00 a.m. · 25 views

CVE-2022-36440

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peekforas4capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS...

7.7 AI score · 0.01624 EPSS
Exploits 1 · References 7

CNNVD
added 2023/04/03 12:00 a.m. · 5 views

FRRouting FRR 8.3.0 Security Vulnerability

FRRouting FRR is a suite of software that implements and manages various IPV4 and IPV6 routing protocols. A security vulnerability exists in FRRouting FRR version 8.3.0, which stems from the presence of assertions that can be exploited by an attacker to cause a DoS...

7.5 CVSS · 7.2 AI score · 0.01624 EPSS
Exploits 1 · References 10

Tenable Nessus
added 2023/03/29 12:00 a.m. · 32 views

Fedora 38 : redis (2023-e3e1f9dd4d)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e3e1f9dd4d advisory. Redis 7.0.10 Released Mon Mar 20 16:00:00 IST 2023. Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-28425 Specially...

5.5 CVSS · 7.2 AI score · 0.54978 EPSS
Exploits 0 · References 2

CNNVD
added 2023/03/24 12:00 a.m. · 3 views

ComponentSpace SAML Trust Management Issue Vulnerability

ComponentSpace SAML is ComponentSpace's SAML and OpenID solution for ASP.NET and ASP.NET Core. A trust management issue vulnerability exists in ComponentSpace SAML version 4.4.0, which stems from a lack of SSL certificate validation...

9.8 CVSS · 8.4 AI score · 0.007 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2023/03/23 12:00 a.m. · 35 views

FreeBSD : redis -- specially crafted MSETNX command can lead to denial-of-service (a60cc0e4-c7aa-11ed-8a4b-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a60cc0e4-c7aa-11ed-8a4b-080027f5fec9 advisory. - Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version...

5.5 CVSS · 7 AI score · 0.54978 EPSS
Exploits 0 · References 3

Amazon
added 2023/03/22 12:00 a.m. · 4 views

Important: libtiff

Issue Overview: A flaw was found in libtiff where a NULL source pointer is passed as an argument to the memcpy function within the TIFFFetchStripThing in tifdirread.c. This flaw allows an attacker with a crafted TIFF file to exploit this flaw, causing a crash and leading to a denial of service...

8.8 CVSS · 7.1 AI score · 0.01664 EPSS
Exploits19

OpenVAS
added 2023/03/21 12:00 a.m. · 23 views

Redis 7.0.8 - 7.0.9 DoS Vulnerability

Redis is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if...

5.5 CVSS · 4.4 AI score · 0.54978 EPSS
Exploits 0 · References 2

NVD
added 2023/03/20 8:15 p.m. · 20 views

CVE-2023-28425

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

5.5 CVSS · 5.7 AI score · 0.54978 EPSS
Exploits 0 · References 4