Python 3.11.x < 3.11.5, 3.12.0a1 < 3.12.0rc2 Security Bypass Vulnerability - Mac OS X

Python is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

Multiple soundness issues

RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...

FRRouting FRR 缓冲区错误漏洞

FRRouting FRR is a suite of software that implements and manages various IPV4 and IPV6 routing protocols. A security vulnerability exists in FRRouting FRR version 9.0 and prior versions, which stems from a failure to check the availability of two bytes during AIGP validation...

GHSA-J8G2-6FC7-Q8F8 Pyramid static view path traversal up one directory

Impact This impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be...

GHSA-RCX8-48PC-V9Q8 mail-internals use-after-free vulnerability in `vec_insert_bytes`

Incorrect reallocation logic in the function vecinsertbytes causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on EncodingWriter call this function internally. The mail-\ suite is unmaintained and the upstream sources have...

PSF-2023-9 os.path.normpath() truncates on null bytes

Passing a path with null bytes to the os.path.normpath function causes the returned path to be unexpectedly truncated at the first occurrence of null bytes within the path. Python versions before 3.11.0 didn’t truncate the path on null bytes. If allowlisting is applied before a call to...

postgresql: Client memory disclosure when connecting with Kerberos to modified server

A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

Use-after-free in `vec_insert_bytes`

Incorrect reallocation logic in the function vecinsertbytes causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on EncodingWriter call this function internally. The mail-\ suite is unmaintained and the upstream sources have...

Unrestricted Upload File leads to Remote Code Execution

Description The upload file function is vulnerable that user can upload the file with other extensions .php, .phps, ... by using Magic Bytes technique. However, the .htaccess has almost prevented all the files with extensions such as php, phps, phtml, ... The attacker still can upload the hphp fi...

PT-2023-26476

Name of the Vulnerable Software and Affected Versions Crossplane versions prior to 1.11.5 Crossplane versions prior to 1.12.3 Crossplane versions prior to 1.13.0 Description Crossplane's image backend does not validate the byte contents of Crossplane packages, allowing an attacker to tamper with ...

crossplane 输入验证错误漏洞

crossplane is a framework for building cloud-native control planes without writing code. An input validation error vulnerability exists in Crossplane versions prior to 1.11.5, 1.12.3, and 1.13.0, which stems from a mirroring backend that does not validate the byte content of Crossplane packages,...

Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

...

CVE-2023-3247 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

GHSA-F9G6-FP84-FV92 impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

user with ADDEXTENSIONS and CHANGEEXTENSIONS will remove extension unintentional

Lines of code Vulnerability details Summary Adding extension use 4 bytes function selector to add new extension, and if user with ADDEXTENSIONS permission also has CHANGEEXTENSIONS permission and wants to add new extension and there is an extension with that function selector, extension will be...

RUSTSEC-2023-0047 impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue have several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue have several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

[SECURITY] [DLA 3458-1] php7.3 security update

Debian LTS Advisory DLA-3458-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 20, 2023 https://wiki.debian.org/LTS Package : php7.3 Version : 7.3.31-1deb10u4 CVE ID : CVE-2023-3247 Niels Dossche and Tim Düsterhus discovered that PHPs implementation of the SOA...

Debian: Security Advisory (DLA-3458-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...