3259 matches found
OESA-2024-1474 cri-o security update
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...
OESA-2024-1473 cri-o security update
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...
OESA-2024-1472 cri-o security update
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...
The vulnerability of the Apache Commons Compress library, related to uncontrolled resource consumption, allows attackers to influence the accessibility of protected information.
The vulnerability of the Apache Commons Compress library is related to an uncontrolled resource consumption during the decompression of a corrupted Pack200 file. Exploiting this vulnerability allows an attacker to compromise the accessibility of protected information...
[SECURITY] Fedora 39 Update: upx-4.2.3-1.fc39
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
archiver path traversal vulnerability
archiver is a compression/decompression utility program. A path traversal vulnerability exists in archiver. An attacker could use this vulnerability to create specially crafted tar files that, when decompressed, could allow access to restricted files or directories...
Out-of-bounds Write
gtkwave is vulnerable to Out-of-bounds Write. The vulnerabilities stem from flaws in the VZT vztrdgetfacname decompression functionality in .vzt file, allowing arbitrary code execution via a specially crafted file...
Out-of-bounds Write
gtkwave is vulnerable to Out-of-bounds Write. The vulnerabilities are due to flaws in the VZT vztrdgetfacname decompression functionality in .vzt file, allowing arbitrary code execution via a specially crafted file...
Fedora: Security Advisory for suricata (FEDORA-2024-34eba1b1a6)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-4aef1d6ece)
The remote host is missing an update for the...
RHCOS 4 : OpenShift Container Platform 4.14.19 (RHSA-2024:1567)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1567 advisory. - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 - jose-go: improper handling of...
DEBIAN-CVE-2024-3204
A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. Th...
RHCOS 4 : OpenShift Container Platform 4.15.6 (RHSA-2024:1563)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1563 advisory. - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 - golang-protobuf:...
Buffer Overflow
gtkwave is vulnerable to Buffer Overflow. The vulnerability is due to insecure handling of decompression in the uncompress function. This allows an attacker to execute arbitrary code by providing a maliciously crafted .fst file...
Buffer Overflow
gtkwave is vulnerable to Buffer Overflow. The vulnerability is caused by insufficient input validation in the decompression function LZ4decompresssafepartial. This potentially leads to arbitrary code execution...
OS Command Injection
gtkwave is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation of input in the decompression functionality during .ghw decompression, enabling attackers to execute arbitrary commands by crafting a malicious wave file...
OS Command Injection
gtkwave is vulnerable to OS Command Injection. The vulnerability is due to inadequate input validation in the decompression functionality in vcdmain, enabling attackers to execute arbitrary commands through a specially crafted wave file...
OS Command Injection
gtkwave is vulnerable to OS Command Injection. The vulnerability is due to insufficient input validation in the decompression functionality in the vcd2lxt utility, which allows attackers to execute arbitrary commands by exploiting a specially crafted wave file...
OS Command Injection
gtkwave is vulnerable to OS Command Injection. The vulnerability is due to inadequate input validation in the decompression functionality in the vcd2vzt utility, allowing attackers to execute arbitrary commands by exploiting a specially crafted wave file...
[SECURITY] Fedora 38 Update: suricata-6.0.17-1.fc38
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...