DEBIAN-CVE-2024-47777
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...
AZL-62342 CVE-2024-47775 affecting package gstreamer1 1.20.0-2
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multipl...
Medium: libxml2
Issue Overview: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459 Affected Packages: libxml2 Issue Correction: Run dnf...
Tenable Security Center < 6.5.1 Multiple Vulnerabilities (TNS-2024-20)
According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-20 advisory. - In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14,...
php: Password_verify() always return true with some hash
A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid...
The vulnerability of the bpf component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the bpf component in the Linux operating system’s kernel is related to errors in reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ops component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ops component in the Linux operating system’s kernel is related to errors in reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the max9759 component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the max9759 component in the Linux operating system is related to errors in reading beyond the buffer boundaries of memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:4215-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4215-1 advisory. - CVE-2024-11233: buffer overread when processing input with the convert.quoted-printable-decode filter. bsc#1233702 -...
ruby security update
3.0.7-163 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: rbhz2322153 3.0.7-162 - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves:...
CBL Mariner 2.0 Security Update: php (CVE-2024-11233)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11233 advisory. - In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in...
CVE-2024-5991
...
ruby:3.1 security update
ruby 3.1.5-145 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68530 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-34121 - Fix arbitrary...
Security update for php8
This update for php8 fixes the following issues: CVE-2024-11233: buffer overread when processing input with the convert.quoted-printable-decode filter. bsc#1233702 CVE-2024-11234: possible CRLF injection in URIs when a proxy is configured in a stream context. bsc#1233703 CVE-2024-8929: data exposur...
SUSE-SU-2024:4215-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2024-11233: buffer overread when processing input with the convert.quoted-printable-decode filter. bsc#1233702 - CVE-2024-11234: possible CRLF injection in URIs when a proxy is configured in a stream context. bsc#1233703 - CVE-2024-8929: data...
The vulnerability of the s390/cio components of the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the s390/cio components of the Linux operating system’s kernel is related to errors in reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerabilities of the functions bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() in the driver/net/ethernet/brocade/bna/bnad_debugfs.c file of the bna component in the Linux kernel allow an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerabilities of the functions bnad_debugfs_write_regrd and bnad_debugfs_write_regwr in the driver/net/ethernet/brocade/bna/bnad_debugfs.c module of the bna component of the Linux kernel are related to errors in reading beyond the buffer boundaries. Exploiting these vulnerabilities could allow an...
The vulnerability of the kasan component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the kasan component in the Linux operating system’s kernel is related to errors in reading beyond the buffer boundaries of memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2017-13319
In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation...