Lucene search

2842 matches found

OpenVAS
added 2022/01/07 12:00 a.m. · 6 views

Fedora: Security Advisory for libopenmpt (FEDORA-2021-0eb3ea2051)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 · References: 2
OSV
added 2022/01/05 8:15 p.m. · 2 views

DEBIAN-CVE-2021-45830

A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service...

5.5 CVSS · 8.8 AI score · 0.00264 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2022/01/05 12:00 a.m. · 2 views

PT-2022-7543 · Hdf5 +3

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.13.1-1 Description: A heap-based buffer overflow issue exists in the H5F_addr_decode_len function, located in the /hdf5/src/H5Fint.c file, which could cause a Denial of Service. This issue is related to writing beyond the...

9.8 CVSS · 7.1 AI score · 0.00686 EPSS
Exploits: 10 · References: 80
CNNVD
added 2022/01/01 12:00 a.m. · 2 views

Wolfssl buffer error vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, USA. A buffer error vulnerability exists in Wolfssl wolfMQTT that stems from the failure of the product's MqttClient_WaitType and MqttClient_Connect to correctly determine memor...

5.5 CVSS · 6.2 AI score · 0.0021 EPSS
Exploits: 1 · References: 4
CNNVD
added 2022/01/01 12:00 a.m. · 2 views

Wolfssl buffer error vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, USA. A buffer error vulnerability exists in Wolfssl wolfMQTT that stems from the product's failure to properly determine memory boundaries when calling MqttDecode_Publish from...

5.5 CVSS · 6.2 AI score · 0.0021 EPSS
Exploits: 1 · References: 4
CNNVD
added 2022/01/01 12:00 a.m. · 3 views

Wolfssl buffer error vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, USA. A buffer error vulnerability exists in Wolfssl wolfMQTT, which stems from a call to MqttClient_DecodePacket from the product's MqttClient_HandlePacket and MqttClient_WaitTyp...

5.5 CVSS · 6 AI score · 0.0021 EPSS
Exploits: 1 · References: 4
CNNVD
added 2022/01/01 12:00 a.m. · 2 views

Wolfssl buffer error vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from Wolfssl, Inc. in the United States. Wolfssl wolfMQTT 1.9 suffers from a buffer error vulnerability that stems from a heap-based buffer overflow (4 bytes) in MqttDecode_Publish called from...

5.5 CVSS · 6.1 AI score · 0.0021 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2021/12/28 12:00 a.m. · 1 view

PT-2021-24313 · Gif2Apng +2

Name of the Vulnerable Software and Affected Versions: gif2apng version 1.9 Description: A heap-based buffer overflow issue was found in the DecodeLZW function, allowing an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. Recommendations: For gif2apng version...

7.8 CVSS · 7.6 AI score · 0.00309 EPSS
Exploits: 3 · References: 21
CNNVD
added 2021/12/27 12:00 a.m. · 0 views

gif2apng buffer error vulnerability

gif2apng is a simple program that converts animations from GIF to APNG format. gif2apng 1.9 has a heap-based buffer overflow vulnerability in the DecodeLZW function. An attacker could use this vulnerability t...

7.8 CVSS · 7.6 AI score · 0.00309 EPSS
Exploits: 1 · References: 5
CNNVD
added 2021/12/02 12:00 a.m. · 1 view

Libredwg buffer error vulnerability

Libredwg is a free C library from the Free Software Foundation, USA. It is used to read and write Dwg files. LibreDWG suffers from a buffer overflow vulnerability caused by a heap buffer overflow in decode_preR13. No detailed vulnerability information is currently available...

9.8 CVSS · 6 AI score · 0.00414 EPSS
Exploits: 1 · References: 3
OSV
added 2021/11/29 7:15 a.m. · 1 view

DEBIAN-CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...

5.3 CVSS · 7.1 AI score · 0.00563 EPSS
Exploits: 2 · References: 1
AlpineLinux
added 2021/11/29 6:25 a.m. · 92 views

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...

5.3 CVSS · 7.2 AI score · 0.00563 EPSS
Exploits: 2
RedHat Linux
added 2021/11/09 6:46 p.m. · 1 view

jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...

5.5 CVSS · 7.5 AI score · 0.00319 EPSS
Exploits: 1 · References: 4
RedHat Linux
added 2021/11/09 5:42 p.m. · 2 views

python-pillow: Negative-offset memcpy in TIFF image reader

A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash...

7.5 CVSS · 7.3 AI score · 0.00261 EPSS
Exploits: 0 · References: 4
OSV
added 2021/11/03 6:05 p.m. · 0 views

GHSA-P49H-HJVM-JG3H PCX P mode buffer overflow in Pillow

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow...

9.8 CVSS · 7 AI score · 0.01753 EPSS
Exploits: 0 · References: 17
Openbugbounty
added 2021/10/24 1:31 a.m. · 15 views

nike.com Cross Site Scripting vulnerability OBB-2201528

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: nike.com. Open Bug Bounty...

6.3 AI score
Exploits: 0
Microsoft CVE
added 2021/10/13 7:00 a.m. · 3 views

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.

...

7.8 CVSS · 7 AI score · 0.00929 EPSS
Exploits: 3
OSV
added 2021/10/05 12:15 a.m. · 0 views

DEBIAN-CVE-2021-42008

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access...

7.8 CVSS · 6.6 AI score · 0.00929 EPSS
Exploits: 3 · References: 1
OSV
added 2021/10/05 12:15 a.m. · 0 views

AZL-6598 CVE-2021-42008 affecting package kernel for versions less than 5.10.78.1-1

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access...

7.8 CVSS · 6.7 AI score · 0.00929 EPSS
Exploits: 3 · References: 1
OSV
added 2021/10/05 12:15 a.m. · 0 views

UBUNTU-CVE-2021-42008

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access...

7.8 CVSS · 6.7 AI score · 0.00929 EPSS
Exploits: 3 · References: 13