[SECURITY] Fedora 37 Update: suricata-6.0.15-1.fc37

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 38 Update: suricata-6.0.15-1.fc38

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

UBUNTU-CVE-2023-43642

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...

CVE-2023-42526

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Clien...

CVE-2023-42526

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Clien...

CVE-2023-42526

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Clien...

CVE-2023-42526

Summary: CVE-2023-42526 describes a vulnerability in several WithSecure products where decompression of crafted data files can remotely crash the scanning engine. Affected products include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithS...

CVE-2023-37281 Out-of-bounds read during IPHC address decompression

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...

CVE-2023-37281 Out-of-bounds read during IPHC address decompression

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...

CVE-2023-37281 Out-of-bounds read during IPHC address decompression

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...

Oracle Linux 7 : wireshark (ELSA-2020-1047)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1047 advisory. - Resolves: 1557212 - CVE-2018-7418 SIGCOMP dissector crash in packet-sigcomp.c - Resolves: 1588208 - CVE-2018-11362 Out-of-bounds Read in packet-ldss....

Medium: libtiff

Issue Overview: A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tiflzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a...

Vulnerability of the progressive_decompress() function in the RDP client FreeRDP, allowing a hacker to trigger a service failure

The vulnerability of the progressivedecompress function in the RDP client FreeRDP is related to the occurrence of operations outside the buffer in memory when processing nXSrc and nYSrc. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

SUSE CVE-2023-40181

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the zgfxdecompresssegment function. In the context of CopyMemory, it's possible to read data beyond the...

UBUNTU-CVE-2023-40569

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the progressivedecompress function. This issue is likely down to incorrect calculations of the nXSrc and nYSrc variables. This issue h...

CVE-2020-22916

DISPUTED An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is ofte...

CVE-2020-22916

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a...

CVE-2020-22916

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a...

CVE-2020-22916

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a...

UBUNTU-CVE-2020-22916

DISPUTED An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is ofte...