SUSE CVE-2020-11097

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARYDRAWINGORDERFIELDBYTES. This is fixed in version 2.1.2...

SUSE CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

SUSE CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

SUSE CVE-2020-36323

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...

SUSE CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

SUSE CVE-2022-23558

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

SUSE CVE-2022-23852

Expat aka libexpat before 2.4.4 has a signed integer overflow in XMLGetBuffer, for configurations with a nonzero XMLCONTEXTBYTES...

SUSE CVE-2022-29210

TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...

SUSE CVE-2022-39831

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function readbytesinternal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service application crash or possibly have unspecified other impact. This issue is different from CVE-2018-20230...

SUSE CVE-2022-41862

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

SUSE CVE-2023-24021

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILESTMPCONTENT collection...

PT-2023-2198 · Golang +11 · Net/Http +12

Name of the Vulnerable Software and Affected Versions: GoLang net/http and mime/multipart affected versions not specified Description: A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can...

UBUNTU-CVE-2022-41862

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.

PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server can cause libpq to...

ALPINE-CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

CVE-2023-23931 Cipher.update_into can corrupt memory in pyca cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

buf_redux is Unmaintained

Last release was over three years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. The safety-undocumented unsafe in the...

RUSTSEC-2023-0028 buf_redux is Unmaintained

Last release was over three years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. The safety-undocumented unsafe in the...

AZL-44475 CVE-2023-24021 affecting package mod_security for versions less than 2.9.7-8

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILESTMPCONTENT collection...

DEBIAN-CVE-2023-24021

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILESTMPCONTENT collection...