
7041 matches found

Mageia
added 2022/11/08 7:44 p.m., 144 views

Updated libtiff packages fix security vulnerability

There is a double free or corruption in rotateImage at tiffcrop.c:8839 found in libtiff 4.4.0rc1. CVE-2022-2519 A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input. CVE-2022-2520 It w...

7.7 CVSS | 6.8 AI score | 0.00949 EPSS
Exploits 5 | References 3
RedHat Linux
added 2022/11/08 9:33 a.m., 6 views

libtiff: reachable assertion

A reachable assertion failure was found in libtiff's JBIG functionality. This flaw allows an attacker who can submit a crafted file to an application linked with libtiff and using the JBIG functionality to cause a crash via an assertion failure, leading to a denial of service. The exact mechanism...

6.5 CVSS | 5.7 AI score | 0.01478 EPSS
Exploits 1 | References 4
Amazon
added 2022/11/08 12:0 a.m., 38 views

Medium: glibc

Issue Overview: In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

7.5 CVSS | 6.9 AI score | 0.03906 EPSS
Exploits 1
OSV
added 2022/11/02 12:15 p.m., 4 views

CVE-2022-35842

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...

7.5 CVSS | 5.8 AI score | 0.00608 EPSS
Exploits 0 | References 1
Gentoo Linux
added 2022/10/31 12:0 a.m., 32 views

libjxl: Denial of Service

Background libjxl is the JPEG XL image format reference implementation. Description libjxl contains an unnecessary assertion in jxl::LowMemoryRenderPipeline::Init. Impact An attacker can cause a denial of service of the libjxl process via a crafted input file. Workaround There is no known workarou...

6.5 CVSS | 4.1 AI score | 0.00816 EPSS
Exploits 1
Tenable Nessus
added 2022/10/31 12:0 a.m., 29 views

GLSA-202210-36 : libjxl: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202210-36 libjxl: Denial of Service - libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init in renderpipeline/lowmemoryrenderpipeline.cc. CVE-2022-34000 Note that Nessus has not tested for this issue but has inste...

6.5 CVSS | 6.5 AI score | 0.00816 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2022/10/31 12:0 a.m., 39 views

GLSA-202210-10 : LibTIFF: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-10 LibTIFF: Multiple Vulnerabilities - Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via...

7.7 CVSS | 5.8 AI score | 0.01851 EPSS
Exploits 15 | References 18
OSV
added 2022/10/26 3:53 p.m., 7 views

SUSE-SU-2022:3782-1 Security update for libmad

This update for libmad fixes the following issues: - CVE-2017-8373: Fixed heap-based buffer overflow in madlayerIII bsc1036968. - CVE-2017-8372: Fixed assertion failure in layer3.c bsc1036969...

7.8 CVSS | 6.2 AI score | 0.02538 EPSS
Exploits 2 | References 5
Tenable Nessus
added 2022/10/23 12:0 a.m., 45 views

Debian dla-3152 : glibc-doc - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3152 advisory. Debian LTS Advisory DLA-3152-1 ...

9.8 CVSS | 8 AI score | 0.05223 EPSS
Exploits 6 | References 30
CNNVD
added 2022/10/18 12:0 a.m., 3 views

Wire Authorization Issue Vulnerability

Wire is a chat program from the German company Wire. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. An authorization issue vulnerability exists in versions prior to Wire 4.19.0, whi...

9.8 CVSS | 7.9 AI score | 0.00599 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2022/10/16 12:0 a.m., 30 views

GLSA-202210-08 : Tcpreplay: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-08 Tcpreplay: Multiple Vulnerabilities - tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv6 at tree.c CVE-2021-45386 - tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv4 at tree.c. CVE-2021-45387 - Tcpreplay...

7.8 CVSS | 7 AI score | 0.01918 EPSS
Exploits 12 | References 15
Veracode
added 2022/10/14 4:27 a.m., 24 views

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial Of Service (DoS). A crafted file could trigger an assertion failure when a call to WriteImages is made in MagickWand/operation.c, due to a NULL image list causing an application crash...

5.5 CVSS | 5.5 AI score | 0.00318 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2022/10/12 12:0 a.m., 14 views

Passport-SAML Data Forgery Issue Vulnerability

Passport-SAML is the SAML 2.0 authentication provider for Passport, the Node.js authentication library. Passport-SAML suffers from a data forgery issue vulnerability that stems from the fact that a remote attacker can use passport-saml to bypass SAML authentication on a website...

8.1 CVSS | 8.2 AI score | 0.03025 EPSS
Exploits 1 | References 5
Mageia
added 2022/10/08 8:22 p.m., 53 views

Updated dbus packages fix security vulnerability

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...

6.5 CVSS | 1.4 AI score | 0.0131 EPSS
Exploits 3 | References 2
OSV
added 2022/10/08 8:22 p.m., 5 views

MGASA-2022-0365 Updated dbus packages fix security vulnerability

A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...

6.5 CVSS | 6.7 AI score | 0.0131 EPSS
Exploits 3 | References 3
CNNVD
added 2022/09/28 12:0 a.m., 5 views

Elastic Cloud Enterprise Log Information Disclosure Vulnerability

Elastic Cloud Enterprise is a cloud platform from Elastic. It makes it easy to deploy, operate, and scale Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise versions prior to 3.1.1, which stems from the disclosure of the SAML signature private key used for RBA...

5.3 CVSS | 5.8 AI score | 0.00518 EPSS
Exploits 0 | References 3
OpenVAS
added 2022/09/27 12:0 a.m., 20 views

openSUSE: Security Advisory for mariadb (SUSE-SU-2022:3391-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.3 AI score | 0.02082 EPSS
Exploits 10 | References 2
OSV
added 2022/09/26 1:6 p.m., 6 views

SUSE-SU-2022:3391-1 Security update for mariadb

This update for mariadb fixes the following issues: Update to 10.5.17: - CVE-2022-32082: Fixed assertion failure at table-getrefcount == 0 in dict0dict.cc bsc1201162. - CVE-2022-32089: Fixed segmentation fault via the component stselectlexunit::excludelevel bsc1201169. - CVE-2022-32081: Fixed...

7.5 CVSS | 6.4 AI score | 0.02082 EPSS
Exploits 10 | References 24
Tenable Nessus
added 2022/09/25 12:0 a.m., 25 views

GLSA-202209-13 : libaacplus: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202209-13 libaacplus: Denial of Service - auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have...

7.8 CVSS | 7.6 AI score | 0.01506 EPSS
Exploits 3 | References 5
CNVD
added 2022/09/20 12:0 a.m., 27 views

Google TensorFlow DrawBoundingBoxes Denial of Service Vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when DrawBoundingBoxes receives input boxes that do not belong to the float dtype, it gives the assertion...

7.5 CVSS | 3.6 AI score | 0.00396 EPSS
Exploits 0 | References 1