AZL-43474 CVE-2024-37298 affecting package podman 4.1.1-26

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...

AZL-43083 CVE-2024-37298 affecting package telegraf for versions less than 1.31.0-2

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...

DEBIAN-CVE-2024-37298

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...

PT-2024-27455 · Unknown +5 · Gorilla/Schema +5

Name of the Vulnerable Software and Affected Versions: gorilla/schema versions prior to 1.4.1 Description: The issue concerns a memory exhaustion vulnerability in gorilla/schema. When schema.Decoder.Decode is run on a struct that has a field of type struct..., it opens up the possibility of...

OESA-2024-1761 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A null pointer...

OESA-2024-1759 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A null pointer...

Malicious code in null_hash_grab_decode (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2775 Malicious code in null_hash_grab_decode (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in decode-2021-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d34838073a6c60e6980c2462e6fd5a775a631381a50aca2fe2f8e40addbbb336 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-2067 Malicious code in decode-2021-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d34838073a6c60e6980c2462e6fd5a775a631381a50aca2fe2f8e40addbbb336 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-37305 Buffer overflow in deserialization in oqs-provider

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODEUINT32 at the start of...

PT-2024-27803 · Ueransim · Ueransim

Name of the Vulnerable Software and Affected Versions: UERANSIM versions prior to 3.2.6 Description: The issue allows for an out-of-bounds read when a RLS packet is sent to gNodeB with a malformed PDU length. This occurs in the readOctetString function in src/utils/octet view.cpp and the...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature which allow HMAC verification with ANY asymmetric public key. If the' algorithm' field is left unspecified, an attacker can manipulate the verification process by exploiting the flexibili...

UBUNTU-CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

Fedora: Security Advisory for rust-uu_basenc (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: rust-uu_basenc-0.0.23-3.fc39

Basenc uutils decode/encode input...

PT-2024-40213 · Unknown +1 · Form Framework +1

Name of the Vulnerable Software and Affected Versions: Form Framework system extension form affected versions not specified Description: The issue concerns Insecure Deserialization in the Form Framework when used with the PHP PECL package yaml. This package can unserialize YAML contents to PHP...

[SECURITY] Fedora 40 Update: rust-uu_base32-0.0.23-3.fc40

Base32 uutils decode/encode input base32-encoding...

Authentication Bypass

firebase/php-jwt is vulnerable to Authentication Bypass. The vulnerability is due to missing algorithm checks when calling the decode method allowing attackers bypass verification when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512 when there is no algorithm specified within the...

DEBIAN-CVE-2024-32620

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5Faddrdecodelen in H5Fint.c, resulting in the corruption of the instruction pointer...