Siemens SCALANCE LPE9403 Path Traversal (CVE-2021-41103)

A vulnerability was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permissi...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

Important: ecs-init

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

PT-2023-31593 · Ipaddress · Ipaddress

Name of the Vulnerable Software and Affected Versions: IPAddress version 5.1.0 Description: An issue in the component IPAddressBitsDivision leads to an infinite loop. This issue is disputed as it only occurs when the developer supplies invalid arguments, and the product is not intended to always...

CVE-2023-49464

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::getlumabitsperpixelfromconfigurationunci...

DEBIAN-CVE-2023-49464

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::getlumabitsperpixelfromconfigurationunci...

libheif Security Vulnerabilities

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. A security vulnerability exists in libheif version v1.17.5, which stems from the inclusion of a segmentation violation via the UncompressedImageCodec::getlumabitsperpixelfromconfigurationunci discovery function...

CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

GO-2023-2375 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

kernel: scsi: mpi3mr: Use number of bits to manage bitmap sizes

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use number of bits to manage bitmap sizes To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long...

kernel: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Eric Dumazet says: nfconntrackdccppacket has an unique: dh = skbheaderpointerskb, dataoff, sizeofdh, &dh; And nothing more is 'pulled' from the...

SUSE CVE-2015-3204

libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service daemon restart via an IKEv1 packet with 1 unassigned bits set in the IPSEC DOI value or 2 the next payload value set to ISAKMPNEXTSAK...

CVE-2023-39533

A flaw was found in the go-libp2p package. A malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This issue is present in the core/crypto module of go-libp2p and can occur during the Noise handshak...

Design/Logic Flaw

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, whi...

libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

Heap-based Buffer Overflow

Overview CefSharp.Common is a the CefSharp Chromium-based browser component 'Core' and common 'Element' components, needed by both WPF and WinForms. Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes function to allocate the HuffmanCode buffer with a size that comes from an arra...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes function to allocate the HuffmanCode buffer with a size that comes from an arra...

The vulnerability of the extractContigSamplesShifted8bits() function in the component/libtiff/tools/tiffcrop.c library of LibTIFF, which allows a malicious actor to cause a service failure.

The vulnerability of the extractContigSamplesShifted8bits function in the component /libtiff/tools/tiffcrop.c of the LibTIFF library is caused by a buffer overflow on the stack. Exploiting this vulnerability could allow an attacker to cause a service failure...