Eclipse Jetty Information Disclosure Vulnerability (GHSA-v7ff-8wcx-gmc5) - Windows

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

SUSE-SU-2021:1905-1 Security update for spice-gtk

This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

SUSE-SU-2021:1902-1 Security update for spice

This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service bsc1181686 - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

SUSE-SU-2021:1901-1 Security update for spice

This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service bsc1181686 - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code bsc1177158...

PT-2021-18253 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.18.2 and earlier Description: Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. ...

Informatica: F5 BIG-IP Cookie potentially reveal BigIP pool name, backend's IP address and port, routed domain.

Hi Team, I hope everything is well. I am Kabeer Saxena a Security Researcher and I have found a bug Issue: ---------- F5 BIG-IP Cookie Remote Information Disclosure Vulnerable IP: ---------------- ██████:443 Certificate Information: ==X509v3 Subject Alternative Name:== ==DNS:████████== Summary:...

ytnef 路径遍历漏洞

ytnef is a TNEF Transport Neutral Encapsulation Format stream reader for winmail.dat files. YTNEF suffers from a security vulnerability that stems from. An attacker could use a crafted email to cause these applications to write data to an arbitrary location on the file system, crash, or execute...

PT-2021-6775 · Unknown · Gpac Project On Advanced Content Library

Name of the Vulnerable Software and Affected Versions: GPAC Project on Advanced Content library version 1.0.1 Description: An exploitable integer truncation issue exists within the MPEG-4 decoding functionality. A specially crafted MPEG-4 input can cause improper memory allocation, resulting in a...

spice security update

0.14.3-4 - Disable client-side renegotiation to prevent potential DoS Resolves: rhbz1904459 0.14.3-3 - Fix some static analyzer issues - Removed Obsoletes line for spice-client Related: rhbz1840240 0.14.3-2 - Fix multiple buffer overflows in QUIC decoding code Resolves: rhbz1829946 0.14.3-1 -...

OPENSUSE-SU-2021:0765-1 Security update for Botan

This update for Botan fixes the following issues: - CVE-2021-24115 In Botan before 2.17.3, or this backport, constant-time computations are not used for certain decoding and encoding operations boo1182670...

httpd: mod_session_cookie does not respect expiry time

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

[SECURITY] Fedora 33 Update: python-impacket-0.9.22-3.fc33

Impacket is a collection of Python classes focused on providing access to network packets. Impacket allows Python developers to craft and decode netw ork packets in simple and consistent manner. It is highly effective when used in conjunction with a packet capture utility or package such as Pcapy...

PYSEC-2021-542

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...

[SECURITY] Fedora 32 Update: libopenmpt-0.4.20-1.fc32

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

Fedora: Security Advisory for libopenmpt (FEDORA-2021-9d4ea81052)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Path traversal

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

PT-2021-18238 · Hedgedoc · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc affected versions not specified Description: The issue is related to an improper input validation in HedgeDoc, allowing an attacker to perform a relative path traversal and read arbitrary .md files from the server's filesystem. This...

SUSE: Security Advisory (SUSE-SU-2016:0727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:1518-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:1383-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...