7041 matches found
Updated libtiff packages fix security vulnerability
There is a double free or corruption in rotateImage at tiffcrop.c:8839 found in libtiff 4.4.0rc1. CVE-2022-2519 A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input. CVE-2022-2520 It w...
libtiff: reachable assertion
A reachable assertion failure was found in libtiff's JBIG functionality. This flaw allows an attacker who can submit a crafted file to an application linked with libtiff and using the JBIG functionality to cause a crash via an assertion failure, leading to a denial of service. The exact mechanism...
Medium: glibc
Issue Overview: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match...
CVE-2022-35842
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...
libjxl: Denial of Service
Background: libjxl is the JPEG XL image format reference implementation. Description: libjxl contains an unnecessary assertion in jxl::LowMemoryRenderPipeline::Init. Impact: An attacker can cause a denial of service of the libjxl process via a crafted input file. Workaround: There is no known workarou...
GLSA-202210-36 : libjxl: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202210-36 (libjxl: Denial of Service) - libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init in render_pipeline/low_memory_render_pipeline.cc. (CVE-2022-34000) Note that Nessus has not tested for this issue but has inste...
GLSA-202210-10 : LibTIFF: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-10 (LibTIFF: Multiple Vulnerabilities) - Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via...
SUSE-SU-2022:3782-1 Security update for libmad
This update for libmad fixes the following issues: - CVE-2017-8373: Fixed heap-based buffer overflow in mad_layer_III (bsc#1036968). - CVE-2017-8372: Fixed assertion failure in layer3.c (bsc#1036969)...
Debian dla-3152 : glibc-doc - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3152 advisory. Debian LTS Advisory DLA-3152-1...
Wire Authorization Issue Vulnerability
Wire is a chat program from the German company Wire. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. An authorization issue vulnerability exists in versions prior to Wire 4.19.0, whi...
GLSA-202210-08 : Tcpreplay: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-08 (Tcpreplay: Multiple Vulnerabilities) - tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6 at tree.c. (CVE-2021-45386) - tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4 at tree.c. (CVE-2021-45387) - Tcpreplay...
Denial of Service (DoS)
ImageMagick is vulnerable to Denial of Service (DoS). A crafted file could trigger an assertion failure when a call to WriteImages is made in MagickWand/operation.c, due to a NULL image list causing an application crash...
Passport-SAML Data Forgery Issue Vulnerability
Passport-SAML is the SAML 2.0 authentication provider for Passport, the Node.js authentication library. Passport-SAML suffers from a data forgery issue vulnerability that stems from the fact that a remote attacker can use passport-saml to bypass SAML authentication on a website...
Updated dbus packages fix security vulnerability
A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...
MGASA-2022-0365 Updated dbus packages fix security vulnerability
A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical...
Elastic Cloud Enterprise Log Information Disclosure Vulnerability
Elastic Cloud Enterprise is a cloud platform from Elastic. It makes it easy to deploy, operate, and scale Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise versions prior to 3.1.1, which stems from the disclosure of the SAML signature private key used for RBA...
openSUSE: Security Advisory for mariadb (SUSE-SU-2022:3391-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:3391-1 Security update for mariadb
This update for mariadb fixes the following issues: Update to 10.5.17: - CVE-2022-32082: Fixed assertion failure at table->get_ref_count() == 0 in dict0dict.cc (bsc#1201162). - CVE-2022-32089: Fixed segmentation fault via the component st_select_lex_unit::exclude_level (bsc#1201169). - CVE-2022-32081: Fixed...
GLSA-202209-13 : libaacplus: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202209-13 (libaacplus: Denial of Service) - au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have...
Google TensorFlow DrawBoundingBoxes Denial of Service Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when DrawBoundingBoxes receives input boxes that do not belong to the float dtype, it gives the assertion...