EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2023-2066)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when...

CVE-2023-33544

hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite...

curl: HTTP compression denial of service

A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...

curl: HTTP multi-header compression denial of service

A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...

curl: HTTP multi-header compression denial of service

A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...

hawtio vulnerable to Path Traversal

hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite...

CVE-2023-33544

hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite...

Path traversal

hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite...

PT-2023-24377 · Hawtio · Hawtio

Name of the Vulnerable Software and Affected Versions: hawtio version 2.17.2 Description: The issue allows an attacker to input malicious zip files, which can result in high-risk files after decompression being stored in any location, potentially leading to file overwrite. This is due to a Path...

CVE-2023-33544

hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite...

Important: Red Hat Security Advisory: qatzip security and bug fix update

An update for qatzip is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2023-2804

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...

PT-2023-21504

Name of the Vulnerable Software and Affected Versions libjpeg-turbo affected versions not specified Description A heap-based buffer overflow issue was discovered in the h2v2 merged upsample internal function of the jdmrgext.c file. The issue can only be exploited with 12-bit data precision when t...

Vulnerability of the Decompression Enumeration function in Uncompressor::UncompressItem. This compression tool for XML data allows attackers to execute arbitrary code.

Vulnerability of Decompression Enumeration function: Uncompressor::UncompressItem, an XML data compression tool, is vulnerable to a memory boundary error during XML file processing. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

AZL-43795 CVE-2023-2731 affecting package openjpeg2 2.3.1-12

A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tiflzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...

AlmaLinux 9 : gstreamer1-plugins-good (ALSA-2023:2260)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2260 advisory. - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potentia...

RHEL 9 : gstreamer1-plugins-good (RHSA-2023:2260)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2260 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contai...

编号撤回

XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. This CVE number has been withdrawn...

CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System DNS. In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination...

DEBIAN-CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System DNS. In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination...