CVE-2022-44640
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)...
Code injection
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)...
CVE-2022-44640
CVE-2022-44640 relates to Heimdal prior to 7.7.1, where an invalid free in the ASN.1 codec used by the KDC may allow remote code execution. The vulnerability is replicated in multiple vendor advisories (e.g., Astra Linux bulletin and Debian/Alpine security trackers) and is described as enabling a...
Getting the correct HTML codecs parameter for an AV1 video
This post is mostly for my own reference, but I couldn't find a good guide elsewhere, so here we go! I wanted to embed a screencast in a web page, and I wanted it to be as efficient as possible. To achieve this, I created two versions of the video, and embedded it like this: The MP4 version uses t...
CVE-2022-3113
An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks a check of the return value of devm_kzalloc() and will cause a null pointer dereference...
CVE-2022-41881
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS)...
HTTP Response Splitting
netty-codec-http is vulnerable to HTTP response splitting attack. The vulnerability exists in the setObject function of DefaultHeaders.java as it takes the arrays and iterators as arguments, providing a way to bypass value validation allowing an attacker to inject malicious header values into the...
Denial Of Service (DoS)
netty-codec-haproxy is vulnerable to Denial Of Service (DoS). The vulnerability is due to a StackOverflowError in HAProxyMessage.java, as it does not properly limit the maximum nesting of TLV, allowing an attacker to cause an application crash via infinite recursion by passing a maliciously...
bioyino-metric (>=0.1.0 <=0.2.0), capnp-futures (>=0.10.0 <=0.12.0) +12 more potentially affected by CVE-2022-46149 via capnp (>=0.0.1 <=0.12.4)
capnp CARGO version =0.0.1, =0.1.0, =0.10.0, =0.0.1, =0.0.1, =0.2.8, =1.0.0, =0.0.5, =0.3.0, =0.0.9, =0.2.0, =0.3.1 Source cves: CVE-2022-46149 Source advisory: OSV:GHSA-QQFF-4VW4-F6HX...
bioyino-metric (>=0.1.0 <=0.2.0), capnp-futures (>=0.10.0 <=0.12.0) +12 more potentially affected by CVE-2022-46149 via capnp (>=0.0.1 <=0.12.4)
capnp CARGO version =0.0.1, =0.1.0, =0.10.0, =0.0.1, =0.0.1, =0.2.8, =1.0.0, =0.0.5, =0.3.0, =0.0.9, =0.2.0, =0.3.1 Source cves: CVE-2022-46149 Source advisory: OSV:RUSTSEC-2022-0068...
Telos Alliance Omnia MPX Node Insecure Direct Object Reference Vulnerability
The Telos Alliance Omnia MPX Node is a specialized hardware codec from Telos Alliance, USA. Capable of transmitting or receiving full FM signals at data rates as low as 320 kbps using the Omnia μMPX™ algorithm, it is ideally suited for capacity-limited networks, including IP radios. An insecure...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
Satellite 6.12 Release
An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rocky Enterprise Software Foundation Satellite is a systems management tool for...
ALSA-2022:8078 Moderate: flac security update
FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files...
PT-2022-34893 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.7 Description: The issue is related to a possible memory leak in the snd_ac97_dev_register function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-35009 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0 Description: A potential issue exists in the snd_hda_codec_shutdown function, which may cause a page fault. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...