[SECURITY] Fedora 40 Update: rust-szip-1.0.0-6.fc40

A fast command line tool for snappy compression and decompression...

GO-2024-2632 JWX vulnerable to a denial of service attack using compressed JWE message in github.com/lestrrat-go/jwx

An attacker with a trusted public key may cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory allocation and processing time duri...

[SECURITY] Fedora 39 Update: suricata-6.0.19-1.fc39

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 40 Update: suricata-7.0.5-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

AZL-40738 CVE-2024-32615 affecting package hdf5 for versions less than 1.14.4-1

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Znbitdecompressonebyte in H5Znbit.c, caused by the earlier use of an initialized pointer...

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c caused by the earlier use of an initialized pointer.

...

SUSE CVE-2024-32615

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Znbitdecompressonebyte in H5Znbit.c, caused by the earlier use of an initialized pointer...

RHEL 6 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap corruption in matroska demuxing CVE-2021-3498 - gstreamer-plugins-good:...

RHEL 7 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap buffer overflow in FLIC decoder CVE-2016-9636 - The gstaacparsesinksetcaps...

HDF Group HDF5 安全漏洞

HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...

PT-2024-6202 · Hdf5 +2 · Hdf5 +2

Name of the Vulnerable Software and Affected Versions: HDF5 versions prior to 1.14.3 Description: The issue is related to a heap-based buffer overflow in the H5Z nbit decompress one byte function in the H5Znbit.c file of the HDF5 library. This overflow is caused by the earlier use of an initializ...

Integer Underflow

libfreerdp.so is vulnerable to an Integer Underflow. The vulnerability is due improper check to ensure a value remains greater than the len value during decompression in the nscrledecode function, which results in improper memory operations based on unchecked length values...

freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations

A flaw was found in FreeRDP. Incorrect calculations in the progressivedecompress function may allow for a buffer overflow, resulting in a crash...

SUSE CVE-2024-3203

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...

RHEL 9 : skopeo (RHSA-2024:2549)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2549 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...

SUSE CVE-2024-28180

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

[SECURITY] Fedora 40 Update: upx-4.2.3-1.fc40

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

OESA-2024-1473 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...

OESA-2024-1474 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...

OESA-2024-1472 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...