[SECURITY] Fedora 35 Update: dr_libs-0-0.5.20211002gitf13cbcf.fc35

Single-file audio decoding libraries for C/C++...

The vulnerability of the Python Pillow image processing library, related to reading beyond the allowed buffer data limits, allows an attacker to access confidential data and also trigger a denial-of-service attack.

The vulnerability of the image processing library in Python Pillow is related to reading data beyond the acceptable limits during the decoding of a created PCX file. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service failures...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0094)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have...

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0094)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted...

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2021-0178)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP...

NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0177)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted...

NewStart CGSL CORE 5.05 / MAIN 5.05 : spice-gtk Vulnerability (NS-SA-2021-0164)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has spice-gtk packages installed that are affected by a vulnerability: - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the...

openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action

Open vSwitch aka openvswitch has a use-after-free in decodeNXASTRAWENCAP called from ofpactdecode and ofpactsdecode during the decoding of a RAWENCAP action...

CVE-2021-43304

Heap buffer overflow in ClickHouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend , don't exceed the destination buffer's limits. JFrog...

Brizy < 2.3.12 - Authenticated File Upload and Path Traversal

Using the brizycreateblockscreenshot AJAX action, it was possible to provide a filename using the id parameter, and populate the file contents via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin appended .jpg to all uploaded filenames, a double extensio...

OSV-2021-1437 Heap-buffer-overflow in unpack_32bit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39799 Crash type: Heap-buffer-overflow WRITE 4 Crash state: unpack32bit exrdecodingrun Imf31::checkCoreFile...

Fedora: Security Advisory for dr_libs (FEDORA-2021-669df5ceb9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 34 Update: dr_libs-0-0.5.20211002gitf13cbcf.fc34

Single-file audio decoding libraries for C/C++...

[SECURITY] Fedora 33 Update: dr_libs-0-0.5.20211002gitf13cbcf.fc33

Single-file audio decoding libraries for C/C++...

Zephyr 安全漏洞

Zephyr is an open source, small, scalable, real-time operating system. a security vulnerability exists in Zephyr, which stems from the ZephyrJSON decoder incorrectly decoding arrays. No details of the vulnerability are currently available...

Libsixel invalid read vulnerability

libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. libsixel suffers from an invalid read vulnerability that can be exploited by attackers to cause a denial of service DOS via a specially crafted PSD file...

Infinite Loop in rencode

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

GHSA-GH8J-2PGF-X458 Infinite Loop in rencode

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

DEBIAN-CVE-2021-40839

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

CVE-2021-40839

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...