31234 matches found

OSV
added 2024/01/09 1:15 a.m. | 0 views

UBUNTU-CVE-2024-21646

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remo...

CVSS 9.8 | AI score 7.5 | EPSS 0.0511
Exploits 0 | References 6
Tenable Nessus
added 2024/01/09 12:0 a.m. | 10 views

Rockwell FactoryTalk Services Platform Installed (Windows)

Binary data rockwellfactorytalkservicesplatformwininstalled.nbin...

AI score 7.3
Exploits 0 | References 1
CNNVD
added 2024/01/09 12:0 a.m. | 4 views

Microsoft Azure uAMQP Code Injection Vulnerability

Microsoft Azure uAMQP is a library from Microsoft Corporation USA. A code injection vulnerability exists in versions of Microsoft Azure uAMQP prior to 2023-12-01, which stems from a vulnerability that allows an attacker to cause an integer overflow or memory security issue by sending specially...

CVSS 9.8 | AI score 8.2 | EPSS 0.0511
Exploits 0 | References 3
OSV
added 2024/01/08 3:15 p.m. | 7 views

CVE-2023-35992

An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability...

CVSS 7.8 | AI score 7.5
Exploits 0 | References 3
UbuntuCve
added 2024/01/08 3:15 p.m. | 25 views

CVE-2023-35992

An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability...

CVSS 7.8 | AI score 7.1 | EPSS 0.0038
Exploits 1 | References 2
OSV
added 2024/01/08 3:15 p.m. | 1 views

UBUNTU-CVE-2023-35703

Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the...

CVSS 7.8 | AI score 6.5 | EPSS 0.00438
Exploits 1 | References 3
Vulnrichment
added 2024/01/08 2:48 p.m. | 1 views

CVE-2023-32650

An integer overflow vulnerability exists in the FSTBLGEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability...

CVSS 7 | AI score 7.2 | EPSS 0.0038
Exploits 1 | References 2
Mageia
added 2024/01/08 10:12 a.m. | 78 views

Updated putty package fixes a security vulnerability (Terrapin attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and many other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a...

CVSS 5.9 | AI score 6.1 | EPSS 0.93305
Exploits 4 | References 1
Talos
added 2024/01/08 12:0 a.m. | 28 views

GTKWave FST fstReaderIterBlocks2 vesc allocation integer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1790 GTKWave FST fstReaderIterBlocks2 vesc allocation integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-35992 SUMMARY An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115,...

CVSS 7.8 | AI score 7.7 | EPSS 0.0038
Exploits 1
OSV
added 2024/01/07 7:15 a.m. | 3 views

CVE-2023-7208

A vulnerability classified as critical was found in Totolink X2000RV2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was...

CVSS 9.8 | AI score 5.9 | EPSS 0.01747
Exploits 1 | References 3
Gentoo Linux
added 2024/01/07 12:0 a.m. | 50 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

CVSS 9.8 | AI score 7.9 | EPSS 0.99739
Exploits 11
Tenable Nessus
added 2024/01/06 12:0 a.m. | 43 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-paramiko (SUSE-SU-2024:0035-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0035-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...

CVSS 5.9 | AI score 7.1 | EPSS 0.93305
Exploits 4 | References 4
OSV
added 2024/01/05 11:6 a.m. | 3 views

OESA-2024-1027 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.9 | AI score 6.7 | EPSS 0.93305
Exploits 4 | References 2
Tenable Nessus
added 2024/01/05 12:0 a.m. | 32 views

openSUSE 15 Security Update : proftpd (openSUSE-SU-2024:0008-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0008-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 7.5 | AI score 7.2 | EPSS 0.93305
Exploits 5 | References 7
The Hacker News
added 2024/01/04 10:35 a.m. | 34 views

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the...

AI score 7.8
Exploits 0
Github Security Blog
added 2024/01/03 9:30 p.m. | 10 views

Withdrawn Advisory: User-provided environment values allow execution on macOS agents

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. Original Description Impact Agents running on...

AI score 7.3
Exploits 0 | References 4 | Affected Software 1
OSV
added 2024/01/03 9:29 p.m. | 17 views

GHSA-C9V7-WMWJ-VF6X Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. Original Description Impact An attacker that...

AI score 6.8
Exploits 0 | References 4
CNVD
added 2024/01/03 12:0 a.m. | 2 views

Binary Vulnerability in Damon Database Client of Wuhan Damon Database Co. Ltd (CNVD-2024-08142)

Wuhan Damon Database Co., Ltd. is a leading database product development service provider in China. A binary vulnerability exists in the client side of the Damon Database of Wuhan Damon Database Co. Ltd, which can be exploited by attackers to cause a program crash...

AI score 6.9
Exploits 0
CNVD
added 2024/01/03 12:0 a.m. | 5 views

Binary Vulnerability in Damon Database Client of Wuhan Damon Database Co.

Wuhan Damon Database Co., Ltd. is a leading database product development service provider in China. A binary vulnerability exists in the client side of the Damon Database of Wuhan Damon Database Co. Ltd, which can be exploited by attackers to cause a program crash...

AI score 6.9
Exploits 0
CNVD
added 2024/01/03 12:0 a.m. | 2 views

Binary Vulnerability in Damon Database Client of Wuhan Damon Database Co. Ltd (CNVD-2024-07080)

Wuhan Damon Database Co., Ltd. is a leading database product development service provider in China. A binary vulnerability exists in the client side of the Damon Database of Wuhan Damon Database Co. Ltd, which can be exploited by attackers to cause a program crash...

AI score 6.9
Exploits 0