RockyLinux 8 : container-tools:rhel8 (RLSA-2023:2758)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2758 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...

EUVD-2019-5269

Malware in sbrugna...

EUVD-2004-2257

Malware in sbrugna...

CVE-2021-21401

Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...

CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

ASA-2024-0012: Transaction decoding may result in a stack overflow When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stack overflow to occur and result in a network halt. This was addressed by adding a recursion limit while decoding the packet...

SUSE-SU-2022:2673-1 Security update for python-ujson

This update for python-ujson fixes the following issues: - CVE-2022-31116: Fixed improper decoding of escaped surrogate characters bsc1201255. - CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding bsc1201254...

SUSE-SU-2021:1940-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2021-25290: Fixed a negative-offset memcpy with an invalid size in TiffDecode.c bsc1183105. - CVE-2021-27922,CVE-2021-27923: Fixed improper reported size of a contained image bsc1183108,bsc1183107 - CVE-2020-35653: Fixed buffer...

OPENSUSE-SU-2021:0765-1 Security update for Botan

This update for Botan fixes the following issues: - CVE-2021-24115 In Botan before 2.17.3, or this backport, constant-time computations are not used for certain decoding and encoding operations boo1182670...

OPENSUSE-SU-2020:0562-1 Security update for vlc

This update for vlc fixes the following issues: vlc was updated to version 3.0.9.2: + Misc: Properly bump the version in configure.ac. Changes from version 3.0.9.1: + Misc: Fix VLSub returning 401 for earch request. Changes from version 3.0.9: + Core: Work around busy looping when playing an...

tcpdump: multiple overflow issues in protocol decoding

Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...

Oracle Linux 7 : libtasn1 (ELSA-2014-0687)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0687 advisory. 3.3-5 - Added missing check for null pointer 1102338 3.3-4 - Fix multiple decoding issues 1102338 Tenable has extracted the preceding description block...

libtasn1 security update

3.3-5 - Added missing check for null pointer 1102338 3.3-4 - Fix multiple decoding issues 1102338...

MGASA-2013-0333 Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component Y in presence of valid chroma data Cr, Cb CVE-2013-6629. libjpeg-turbo will use uninitialized memory when handli...

Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29)

Multiple cross-site scripting XSS vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the 1 ISO-2022-KR or ...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-20 Miscellaneous memory safety hazards rv:12.0/ rv:10.0.4 MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XSS...

GLSA-200501-19 : imlib2: Buffer overflows in image decoding

The remote host is affected by the vulnerability described in GLSA-200501-19 imlib2: Buffer overflows in image decoding Pavel Kankovsky discovered that several buffer overflows found in the libXpm library see GLSA 200409-34 also apply to imlib see GLSA 200412-03 and imlib2. He also fixed a number...