
7038 matches found

Positive Technologies
added 2023/10/27 12:0 a.m. · 5 views

PT-2023-7130 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to the implementation of Security Assertion Markup...

CVSS 6.4 · AI score 6.1 · EPSS 0.00377
Exploits: 0 · References: 6

SUSE CVE
added 2023/10/20 1:7 a.m. · 1 views

SUSE CVE-2023-38473

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name function...

CVSS 6.2 · AI score 8.6 · EPSS 0.00306
Exploits: 0 · References: 14

OpenVAS
added 2023/10/20 12:0 a.m. · 11 views

Squid Multiple DoS Vulnerabilities (GHSA-f975-v7qw-q7hj, SQUID-2024:4)

Squid is prone to multiple denial of service DoS vulnerabilities due to multiple issues in ESI. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5 · AI score 7 · EPSS 0.45289
Exploits: 0 · References: 14

OSV
added 2023/10/19 6:42 p.m. · 3 views

CLSA-2023-1697740947 glib2: Fix of 5 CVEs

Enable internal tests - Skip several failed tests from the check - CVE-2023-29499: Fix GVariant offset table entry size which is not checked in is_normal - CVE-2023-32611: Fix an issue where g_variant_byteswap can take a long time with some non-normal inputs - CVE-2023-32665: Fix GVariant...

CVSS 7.8 · AI score 6.6 · EPSS 0.00774
Exploits: 0 · References: 1

OSV
added 2023/10/19 6:30 p.m. · 4 views

CLSA-2023-1697740212 glib2: Fix of 5 CVEs

Enable internal tests - Skip several failed tests from the check - CVE-2023-29499: Fix GVariant offset table entry size which is not checked in is_normal - CVE-2023-32611: Fix an issue where g_variant_byteswap can take a long time with some non-normal inputs - CVE-2023-32665: Fix GVariant...

CVSS 7.8 · AI score 5.8 · EPSS 0.00774
Exploits: 0 · References: 1

Tenable Nessus
added 2023/10/19 12:0 a.m. · 60 views

Oracle Linux 9 : galera / and / mariadb (ELSA-2023-5684)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5684 advisory. galera 26.4.14-1.0.1 - Rebase to 26.4.14 26.4.13-1.0.1 - Rebase to 26.4.13 26.4.12-1.0.1 - Rebase to 26.4.12 mariadb 3:10.5.22-1 - Rebase to 10.5.22...

CVSS 7.5 · AI score 7.4 · EPSS 0.02082
Exploits: 5 · References: 9

NVD
added 2023/10/17 11:15 p.m. · 15 views

CVE-2023-39278

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash...

CVSS 6.5 · AI score 7.1 · EPSS 0.00803
Exploits: 0 · References: 1

Prion
added 2023/10/17 11:15 p.m. · 17 views

Stack overflow

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash...

CVSS 4 · AI score 6.5 · EPSS 0.00803
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/10/17 10:12 p.m. · 14 views

CVE-2023-39278

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash...

AI score 6.7 · EPSS 0.00803
Exploits: 0 · References: 1

Vulnrichment
added 2023/10/17 10:12 p.m. · 15 views

CVE-2023-39278

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash...

AI score 6.9 · EPSS 0.00803
Exploits: 0 · References: 1

CVE
added 2023/10/17 10:12 p.m. · 50 views

CVE-2023-39278

CVE-2023-39278 is a SonicOS vulnerability in which a post-authentication user assertion failure in main.cgi leads to a Stack-Based Buffer Overflow and a firewall crash. The connected sources corroborate that SonicOS Management Web Interface and SSLVPN portal are affected by multiple related post-...

CVSS 6.5 · AI score 6.5 · EPSS 0.00803
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/10/17 12:0 a.m. · 3 views

SonicWALL SonicOS Buffer Error Vulnerability

SonicWALL SonicOS is an operating system from SonicWALL, Inc. designed for SonicWall firewall appliances. A security vulnerability exists in SonicWALL SonicOS that stems from a user assertion failure and a stack-based buffer overflow vulnerability in main.cgi that causes the firewall to crash...

CVSS 6.5 · AI score 7.2 · EPSS 0.00803
Exploits: 0 · References: 2

Tenable Nessus
added 2023/10/16 12:0 a.m. · 36 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Tor vulnerabilities (USN-5036-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5036-1 advisory. It was discovered that Tor incorrectly handled certain memory operations. A remote attacker could use this issue to cause a denia...

CVSS 7.5 · AI score 7.2 · EPSS 0.04572
Exploits: 1 · References: 8

Positive Technologies
added 2023/10/16 12:0 a.m. · 9 views

PT-2023-29649 · Saml · Saml

Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.14 Description: The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the...

CVSS 10 · AI score 6.9 · EPSS 0.01956
Exploits: 9 · References: 44

CNNVD
added 2023/10/16 12:0 a.m. · 3 views

SAML Cross-Site Scripting Vulnerability

SAML is a library for Ross Kinder individual developers that contains a partial implementation of the saml standard in golang. That is, it allows third parties to authenticate your users, or allows third parties to rely on us to authenticate their users. A cross-site scripting vulnerability exist...

CVSS 7.1 · AI score 5.8 · EPSS 0.00434
Exploits: 0 · References: 4

Tenable Nessus
added 2023/10/16 12:0 a.m. · 15 views

Ubuntu 16.04 ESM / 18.04 ESM : SoundTouch vulnerabilities (USN-4826-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4826-1 advisory. It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of...

CVSS 8.8 · AI score 7.5 · EPSS 0.06151
Exploits: 10 · References: 8

Tenable Nessus
added 2023/10/14 12:0 a.m. · 50 views

Rocky Linux 8 : mariadb:10.5 (RLSA-2023:5683)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5683 advisory. - MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc...

CVSS 7.5 · AI score 7.1 · EPSS 0.02082
Exploits: 5 · References: 17

Tenable Nessus
added 2023/10/13 12:0 a.m. · 31 views

SUSE SLED15: xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc (SUSE-SU-2023:4054-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4054-1 advisory. - CVE-2023-34323: A transaction conflict can crash C Xenstored XSA-440, bsc1215744 -...

CVSS 7.8 · AI score 6.4 · EPSS 0.00289
Exploits: 0 · References: 15

Tenable Nessus
added 2023/10/13 12:0 a.m. · 40 views

CentOS 8 : mariadb:10.5 (CESA-2023:5683)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:5683 advisory. - MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc...

CVSS 7.5 · AI score 7.1 · EPSS 0.02082
Exploits: 5 · References: 9

OSV
added 2023/10/12 11:15 p.m. · 6 views

CVE-2023-44175

A Reachable Assertion vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service DoS. Continued receipt and processing of this packet will create...

CVSS 7.5 · AI score 5.8 · EPSS 0.00515
Exploits: 0 · References: 1