Fedora 36 : mingw-python3 (2022-45d2cfdfa4)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-45d2cfdfa4 advisory. Backport patch for CVE-2022-45061. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 35 : python3.11 (2022-e6d0495206)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-e6d0495206 advisory. Update to 3.11.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Python DoS Vulnerability (Oct 2022) - Linux
Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
PT-2024-11781 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a null pointer dereference in the cxl/region component of the Linux kernel. This occurs when the cxl region decode reset function is called, and the -reset...
PT-2022-36814 · Git +1 · Kimageformats
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-use-after-free READ 3 crash has been reported. The crash occurs in the HEIFHandler::ensureDecoder and HEIFHandler::read functions, as seen in the...
Denial Of Service (DoS)
python3 is vulnerable to denial of service (DoS) attacks. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...
Updated freerdp packages fix security vulnerability
In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. CVE-2022-39316 Affected versions of FreeRDP are missing a range check for input...
[SECURITY] [DLA 3223-1] giflib security update
Debian LTS Advisory DLA-3223-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne December 05, 2022 https://wiki.debian.org/LTS Package : giflib Version : 5.1.4-3+deb10u1 CVE ID : CVE-2018-11490 CVE-2019-15133 Debian Bug : 904114 This update fixes two file format...
[SECURITY] Fedora 36 Update: capnproto-0.9.2-1.fc36
Cap'n Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap'n Proto is INFINITY TIMES faster than Protocol Buffers. Th...
OESA-2022-2120 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are...
OESA-2022-2112 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are...
The vulnerability of the zgfx_decompress_segment() function in the ZGFX decoder of the FreeRDP remote desktop protocol allows a hacker to trigger a service failure.
The vulnerability of the zgfx_decompress_segment() function in the ZGFX decoder of the FreeRDP remote desktop protocol lies in the fact that the operation for checking the length of input data occurs outside the buffer. Exploiting this vulnerability could allow a malicious actor to cause service...
The vulnerability of the ZGFX decoder in the implementation of the remote desktop protocol FreeRDP allows an intruder to gain unauthorized access to protected information.
The vulnerability of the ZGFX decoder in the implementation of the remote desktop protocol FreeRDP stems from the operation of pushing the index range beyond the buffer boundaries when checking the index with a shift. Exploiting this vulnerability can allow an intruder to gain unauthorized access...
Out Of Bound Reads
freerdp is vulnerable to out-of-bound reads. The vulnerability exists due to a missing range check for the input offset index in the ZGFX decoder, which allows an attacker to read out-of-bound data and send it back to the server...
ROS-20221121-02
A vulnerability in the FreeRDP remote desktop protocol implementation is related to the fact that there is no range check for the input offset index in the ZGFX decoder. Exploitation of the vulnerability could allow an attacker acting remotely to read the associated data and attempt to decode it...
CVE-2022-45061
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...
OSV-2022-1177 Stack-buffer-overflow in FLAC::Decoder::FuzzerDecoder::metadata_callback
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53454 Crash type: Stack-buffer-overflow WRITE 8 Crash state: FLAC::Decoder::FuzzerDecoder::metadata_callback FLAC::Decoder::Stream::metadata_callback readmetadata...
OESA-2022-2102 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2022-2101 exiv2 security update
Exiv2 is a cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: A vulnerability was found in Exiv2 an...
FreeRDP Buffer Overflow Vulnerability (CNVD-2022-78857)
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP suffers from a buffer overflow vulnerability that stems from an out-of-bounds read in the ZGFX decoder component. No detailed vulnerability details are currently available...