7653 matches found
CVE-2022-46149
A flaw was found in capnproto and capnp projects where a specially-crafted pointer could escape bounds checking by exploiting inconsistent handling of pointers when a list-of-structs is downgraded to a list-of-pointers...
Malware Authors 'Accidentally' Crash KmsdBot Cryptocurrency Mining Botnet
An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down by the threat actors themselves. KmsdBot, as christened by the Akamai Security Intelligence Response Team SIRT, came to light mid-November 2022 for its ability to...
static-dev-server directory traversal vulnerability
static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...
Ubuntu: Security Advisory (USN-5749-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:4284-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4284-1 advisory. Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content bsc1205121. -...
USN-5749-1: libsamplerate vulnerability
Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash...
USN-5749-1 libsamplerate vulnerability
Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash...
PT-2023-1352
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1 STRING but the public structure definition for...
PT-2024-11883 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A buffer overflow issue has been resolved in the Linux kernel, specifically in the wifi: cfg80211 component. The problem arises from an assumption that 5 octets are present for vendor...
qpress directory traversal vulnerability
qpress is a patched version of the qpress file archiver program by the individual developer EvgeniyPatlan. A directory traversal vulnerability exists in qpress versions 11.3 and prior to 2022.08.19, which stems from a lack of checking of paths when processing directory requests and can be exploit...
Cross-Site Request Forgery (CSRF)
fastify is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists due to the incorrect Content-Type used in the ContentTypeParser function of contentTypeParser.js, allowing an attacker to bypass the Pre-Flight checking of fetch.fetch requests with Content-Type’s as...
SUSE SLED15: WebKit2GTK-4.0-lang / WebKit2GTK-4.1-lang / WebKit2GTK-5.0-lang / etc (SUSE-SU-2022:4207-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4207-1 advisory. Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafte...
Ubuntu: Security Advisory (USN-5735-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site request forgery (csrf)
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...
SUSE-SU-2022:4185-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service bsc1203556...
SUSE-SU-2022:4159-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service bsc1203556...
CVE-2022-36227
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the...
USN-5733-1: FLAC vulnerabilities
It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and...
USN-5733-1 flac vulnerabilities
It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists in the FusedResizeAndPadConv2D function of nnops.cc due to improper buffer size checking which allows an attacker to cause an application crash by providing malicious input...