7037 matches found
libjxl: Denial of Service
Background: libjxl is the JPEG XL image format reference implementation. Description: libjxl contains an unnecessary assertion in jxl::LowMemoryRenderPipeline::Init. Impact: An attacker can cause a denial of service of the libjxl process via a crafted input file. Workaround: There is no known workarou...
GLSA-202210-10 : LibTIFF: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-10 LibTIFF: Multiple Vulnerabilities - Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via...
GLSA-202210-36 : libjxl: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202210-36 libjxl: Denial of Service - libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init in renderpipeline/lowmemoryrenderpipeline.cc. CVE-2022-34000 Note that Nessus has not tested for this issue but has inste...
SUSE-SU-2022:3782-1 Security update for libmad
This update for libmad fixes the following issues: - CVE-2017-8373: Fixed heap-based buffer overflow in madlayerIII bsc1036968. - CVE-2017-8372: Fixed assertion failure in layer3.c bsc1036969...
Debian dla-3152 : glibc-doc - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3152 advisory. Debian LTS Advisory DLA-3152-1 [email protected]...
Wire Authorization Issue Vulnerability
Wire is a chat program from the German company Wire. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. An authorization issue vulnerability exists in versions prior to Wire 4.19.0, whi...
GLSA-202210-08 : Tcpreplay: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-08 Tcpreplay: Multiple Vulnerabilities - tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv6 at tree.c CVE-2021-45386 - tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv4 at tree.c. CVE-2021-45387 - Tcpreplay...
Denial Of Service (DoS)
ImageMagick is vulnerable to Denial of Service (DoS). A crafted file could trigger an assertion failure when a call to WriteImages is made in MagickWand/operation.c, due to a NULL image list causing an application crash...
Passport-SAML Data Forgery Issue Vulnerability
Passport-SAML is the SAML 2.0 authentication provider for Passport, the Node.js authentication library. Passport-SAML suffers from a data forgery issue vulnerability that stems from the fact that a remote attacker can use passport-saml to bypass SAML authentication on a website...
Updated dbus packages fix security vulnerability
A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...
MGASA-2022-0365 Updated dbus packages fix security vulnerability
A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...
Elastic Cloud Enterprise Log Information Disclosure Vulnerability
Elastic Cloud Enterprise is a cloud platform from Elastic. It makes it easy to deploy, operate, and scale Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise versions prior to 3.1.1, which stems from the disclosure of the SAML signature private key used for RBA...
openSUSE: Security Advisory for mariadb (SUSE-SU-2022:3391-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:3391-1 Security update for mariadb
This update for mariadb fixes the following issues: Update to 10.5.17: - CVE-2022-32082: Fixed assertion failure at table-getrefcount == 0 in dict0dict.cc bsc1201162. - CVE-2022-32089: Fixed segmentation fault via the component stselectlexunit::excludelevel bsc1201169. - CVE-2022-32081: Fixed...
GLSA-202209-13 : libaacplus: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202209-13 libaacplus: Denial of Service - auchannel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have...
Google TensorFlow DrawBoundingBoxes Denial of Service Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when DrawBoundingBoxes receives input boxes that do not belong to the float dtype, it gives the assertion...
F5 Networks BIG-IP : GNU C Library vulnerability (K64119434)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K64119434 advisory. In the GNU C Library (aka glibc or libc6) before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists in ImportNodes in functiondefimport.cc because the assertion fails on MLIR when empty edge names are given which causes an application crash...
GSD-2022-1006245 jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.291 by commit...
GSD-2022-1006142 jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.256 by commit...