2842 matches found
PT-2023-35789 · Python · Python
Name of the Vulnerable Software and Affected Versions: Python affected versions not specified Description: The issue is related to a heap-buffer-overflow read error. It occurs in the unicode_decode_utf8 function, which is called by PyUnicode_DecodeUTF8 and _PyPegen_formatted_value. Recommendations...
DEBIAN-CVE-2021-43612
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets...
[SECURITY] Fedora 37 Update: ffmpeg-5.1.3-1.fc37
FFmpeg is a leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge. No matter if they were designed by some standards...
CentOS 8 : nodejs:14 (CESA-2023:1743)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1743 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...
decode-uri-component: improper input validation resulting in DoS
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service...
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing
!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Date: 09/03/2023 Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...
DEBIAN-CVE-2023-29419
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read...
DEBIAN-CVE-2023-29421
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block...
UBUNTU-CVE-2023-29416
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais...
PT-2023-22249 · Bzip3 · Bzip3
Name of the Vulnerable Software and Affected Versions: bzip3 versions prior to 1.2.3 Description: An issue was discovered in libbzip3.a. There is an out-of-bounds write in the bz3_decode_block function. Recommendations: For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the...
PT-2023-22248 · Bzip3 · Bzip3
Name of the Vulnerable Software and Affected Versions: bzip3 versions prior to 1.2.3 Description: An issue was discovered in libbzip3.a. There is a crash caused by an invalid memmove in bz3_decode_block. Recommendations: For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the...
Security Bulletin: decode-uri-component is vulnerable to CVE-2022-38900 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses decode-uri-component which is vulnerable to CVE-2022-38900. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by the decodeComponents function. By sending...
DEBIAN-CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
UBUNTU-CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
SUSE CVE-2023-22845
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
DEBIAN-CVE-2023-22845
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
UBUNTU-CVE-2023-22845
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2023-22845
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...