freerdp: out-of-bounds read

A flaw was found in FreeRDP-based clients. Affected versions of FreeRDP are vulnerable to an out-of-bounds read. This issue occurs when the WCHAR string is read with twice the size it has and converted to UTF-8, base64 decoded. The string is only used to compare against the redirection server...

kernel: lz4: fix LZ4_decompress_safe_partial read out of bound

In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...

ALSA-2024:9456 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVE-2024-46954

An issue was discovered in decodeutf8 in base/gputf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal...

Updated libheif packages fix security vulnerability

In Libheif, insufficient checks in ImageOverlay::parse while decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. CVE-2024-41311...

RHEL 8 : container-tools:rhel8 (RHSA-2024:7769)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:7769 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: encoding/gob: golan...

CVE-2024-10573

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...

ALPINE-CVE-2024-10573

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

Security update for go1.21-openssl

This update for go1.21-openssl fixes the following issues: CVE-2024-34158: Fixed stack exhaustion in Parse in go/build/constraint bsc1230254. CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode in encoding/gob bsc1230253. CVE-2024-34155: Fixed stack exhaustion in all Parse functions...

RockyLinux 9 : skopeo (RLSA-2024:8111)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:8111 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 Tenable...

CVE-2024-10295

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...

CVE-2024-10295 Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...

CVE-2024-10295 Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...

The vulnerability of the OpenJPEG library for image encoding and decoding, related to uncontrolled resource consumption, allows a perpetrator to cause a service failure.

The vulnerability of the OpenJPEG library for image encoding and decoding is related to uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially created file...

PT-2024-7496 · Red Hat · Red Hat 3Scale Api Management

Name of the Vulnerable Software and Affected Versions: Red Hat 3scale API Management affected versions not specified Description: A flaw in the authentication mechanism of Red Hat 3scale API Management allows unauthorized access to the backend. This occurs when a non-base64 'basic' auth with...

CVE-2024-47727 x86/tdx: Fix "in-kernel MMIO" check

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handlemmio function checks if the VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can...

The vulnerability of the AjpRequestParser class in the ajp-listener component of the Undertow web server allows a attacker to trigger a service failure.

The vulnerability of the AjpRequestParser class in the ajp-listener component of the Undertow web server is related to an uncontrolled resource consumption due to incorrect decoding of request paths. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials

The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...

DEBIAN-CVE-2024-41311

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write...