Fedora 38 : cpp-jwt (2024-d76e37ba62)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d76e37ba62 advisory. Fix side channel vulnerability Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 39 : cpp-jwt (2024-56fbd2cbfa)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-56fbd2cbfa advisory. Fix side channel vulnerability Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

thingvellir (>=0.0.0-alpha1 <=0.0.2-alpha2) potentially affected by CVE-2024-27284 via cassandra-cpp (=0.15.1)

cassandra-cpp CARGO version =0.15.1 is affected by a known vulnerability. The following packages have a transitive dependency on cassandra-cpp and may be impacted: - thingvellir =0.0.0-alpha1, =0.0.2-alpha2 Source cves: CVE-2024-27284 Source advisory: OSV:RUSTSEC-2024-0017...

CVE-2024-21802

A heap-based buffer overflow vulnerability exists in the GGUF library info-ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

PT-2024-1985 · Unknown · Gguf Library

Name of the Vulnerable Software and Affected Versions: GGUF library affected versions not specified Description: A heap-based buffer overflow vulnerability exists in the GGUF library's header.n kv functionality of llama.cpp. This issue can be triggered by a specially crafted .gguf file, potential...

SUSE: Security Advisory (SUSE-SU-2024:0573-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:0573-1 Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2

This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: Added the nullability...

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.

Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-21968 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and GraalVM Enterpris...

Bosch IP cameras Information Disclosure Vulnerability

Bosch IP cameras are network cameras from Bosch, Germany. An information disclosure vulnerability exists in Bosch IP cameras that originates from allowing an unauthenticated attacker to retrieve information about the device itself and the device's network settings. The following products and...

Updated audiofile packages fix a security vulnerability

2 patches are added to audiofile source to correct a vulnerability. In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. CVE-2019-13147...

CVE-2023-46603

In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a...

Amazon Linux 2023 : poppler, poppler-cpp, poppler-cpp-devel (ALAS2023-2023-371)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-371 advisory. 2024-07-17: CVE-2022-27337 was added to this advisory. A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service DoS via a crafted PDF file...

CVE-2023-39070

An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...

Amazon Linux 2023 : poppler, poppler-cpp, poppler-cpp-devel (ALAS2023-2023-340)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-340 advisory. An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an...

CVE-2023-36481

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop...

DEBIAN-CVE-2021-40266

FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference...

CVE-2021-40266

FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference...

DEBIAN-CVE-2020-18831

Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS in IW44Image.cpp, by triggering a divide by zero error. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

CVE-2022-47069

p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCdbool at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur...