RHEL 4 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Memory corruption in the ASN.1 encoder CVE-2016-2108 - Rejected reason: DO NOT USE THIS CANDIDAT...

[SECURITY] Fedora 39 Update: rust-rav1e-0.7.1-2.fc39

The fastest and safest AV1 encoder...

Internet Bug Bounty: CVE-2024-32760 in nginx

CVE-2024-32760 was discovered in the HTTP/3 QUIC module of NGINX Plus and NGINX OSS. When the module was configured, undisclosed HTTP/3 encoder instructions could cause NGINX worker processes to terminate or experience other potential impact...

CVE-2024-32760

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 encoder instructions can trigger an out-of-bounds write error, causing worker processes to crash, leading to a denial of service or other potential impacts. Mitigation Mitigation for this issue is either not available or the...

PT-2024-40340 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...

PT-2024-40376 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...

ALPINE-CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

The vulnerability of the `vidtv_s302m_encoder_init()` function in the `drivers/media/test-drivers/vidtv/vidtv_s302m.c` file of the Vidtv driver for the Linux operating system, which allows a hacker to cause a service failure.

The vulnerability of the vidtvs302mencoderinit function in the drivers/media/test-drivers/vidtv/vidtvs302m.c file of the Vidtv driver for the Linux operating system is related to the lack of code checks for the vzalloc function’s return value. Exploiting this vulnerability could allow an attacker...

Fedora: Security Advisory for rust-rav1e (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-rav1e-0.7.1-2.fc40

The fastest and safest AV1 encoder...

ALSA-2024:3095 Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fixes: vorbis-tools: Buffer Overflow vulnerability CVE-2023-43361...

CVE-2021-47316 nfsd: fix NULL dereference in nfs3svc_encode_getaclres

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svcencodegetaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and dreallyispositivedentry, but that looks like overkill to me--zero status should ...

CVE-2021-47316 nfsd: fix NULL dereference in nfs3svc_encode_getaclres

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svcencodegetaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and dreallyispositivedentry, but that looks like overkill to me--zero status should ...

SUSE CVE-2024-35799

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream Why Disabling stream encoder invokes a function that no longer exists. How Check if the function declaration is NULL in disable stream encoder...

SUSE CVE-2024-35919

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist has been deleted due to an unexpected...

DEBIAN-CVE-2024-35919

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist has been deleted due to an unexpected...

CVE-2024-35919

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctxlist, to avoid accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist has been deleted due to an unexpected...