USN-7157-1 php7.4, php8.1, php8.3 vulnerabilities
It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker could possibly use this issue to expose sensitive information or cause a crash. CVE-2024-11233 It was discovered that PHP incorrectly handled certain HTTP request...
nfs: Fix KMSAN warning in decode_getfattr_attrs()
...
UBUNTU-CVE-2024-47613
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in gst_gdk_pixbuf_dec_flush within gstgdkpixbufdec.c. This function invokes memcpy, using out_pix as the destination address. out_pix is expected to point to the fra...
UBUNTU-CVE-2024-47607
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within gstopusdec.c. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the...
CLSA-2024-1733908995 php: Fix of CVE-2024-11233
CVE-2024-11233: Fix buffer overflow vulnerability in convert.quoted-printable-decode filter; fix bug 74267...
GStreamer code issue vulnerability
GStreamer is an open source set of frameworks for processing streaming media. A code issue vulnerability exists in GStreamer that stems from a null pointer dereference vulnerability found in the gst_jpeg_dec_negotiate function in gstjpegdec.c. The vulnerability is a result of a null pointer...
Single byte overread with convert.quoted-printable-decode filter
...
OESA-2024-2505 golang security update
Security Fixes: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. CVE-2024-34156...
PT-2024-36063
Name of the Vulnerable Software and Affected Versions: ClipBucket-v5 versions 2.0 through 5.5.1 Revision 199 Description: ClipBucket V5 provides open source video hosting with PHP. The issue exists in the upload/photo_upload.php file, specifically within the decode_key function. This function...
CLSA-2024-1733429914 php: Fix of CVE-2024-11233
CVE-2024-11233: fix buffer overflow vulnerability in convert.quoted-printable-decode filter...
CLSA-2024-1733422173 php: Fix of CVE-2024-11233
CVE-2024-11233: Fix buffer overflow vulnerability in convert.quoted-printable-decode filter...
php: Fix of CVE-2024-11233
CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter...
CLSA-2024-1733421975 php: Fix of CVE-2024-11233
CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter...
Security update for php8
This update for php8 fixes the following issues: CVE-2024-11233: buffer overread when processing input with the convert.quoted-printable-decode filter. bsc1233702 CVE-2024-11234: possible CRLF injection in URIs when a proxy is configured in a stream context. bsc1233703 CVE-2024-8929: data exposur...
CLSA-2024-1733246329 php: Fix of CVE-2024-11233
CVE-2024-11233: fix buffer overflow vulnerability in convert.quoted-printable-decode filter...
DEBIAN-CVE-2024-53984
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length, and the pb_decode_ex function is used with flag...
Security update for php8
This update for php8 fixes the following issues: CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter bsc1233702. CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs bsc1233703. CVE-2024-8929: Leak partial content of the heap...
PT-2024-8963 · Mediatek · Mediatek Vdec
Name of the Vulnerable Software and Affected Versions: MediaTek vdec affected versions not specified Description: The issue is related to a missing bounds check in the vdec component of MediaTek microprogram software, which could lead to an out of bounds write. This could result in local escalati...
PT-2024-29280 · Unknown · Contiki-Ng
Name of the Vulnerable Software and Affected Versions: Contiki-NG affected versions not specified Description: An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The issue exists in the...
PT-2024-9372
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 133 Thunderbird versions prior to 133 Description: A null pointer dereference may have occurred in the pk12util tool, specifically in the SEC_ASN1DecodeItem_Util function, when handling malformed or improperly...