Lucene search

1270 matches found

BDU FSTEC
•added 2024/02/28 12:0 a.m.•4 views

The vulnerability of the put_qpel_0_0_fallback_16 function (fallback-motion.cc) in the implementation of the h.265 Libde265 video codec allows a perpetrator to trigger a service failure.

The vulnerability of the put_qpel_0_0_fallback_16 function in fallback-motion.cc in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to trigger a service failure using a specially created file...

CVSS 7.8 | AI score 7.1 | EPSS 0.00844
Exploits: 1 | References: 7 | Affected Software: 5
RedHat Linux
•added 2024/02/20 12:38 p.m.•31 views

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.7 | EPSS 0.01208
Exploits: 0 | References: 3
RedHat Linux
•added 2024/02/20 12:38 p.m.•2 views

golang: cmd/go: Protocol Fallback when fetching modules

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available...

CVSS 7.5 | AI score 7.3 | EPSS 0.01137
Exploits: 0 | References: 5
OSV
•added 2024/02/20 12:0 a.m.•49 views

ALSA-2024:0887 Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326); golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-452...

CVSS 7.5 | AI score 7.2 | EPSS 0.01208
Exploits: 0 | References: 6
AlmaLinux
•added 2024/02/20 12:0 a.m.•51 views

Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326); golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-452...

CVSS 7.5 | AI score 6.8 | EPSS 0.01208
Exploits: 0 | References: 6
Positive Technologies
•added 2024/02/19 12:0 a.m.•4 views

PT-2024-7687 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to an out-of-bounds access in the crypto: arm64/neonbs component of the Linux kernel, specifically in the bit-sliced implementation of AES-CTR. This implementation...

CVSS 8 | AI score 6.5 | EPSS 0.08555
Exploits: 4 | References: 551
Cvelist
•added 2024/02/13 10:14 p.m.•14 views

CVE-2024-25121 Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3, entities of the File Abstraction Layer (FAL) could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...

CVSS 7.1 | AI score 7 | EPSS 0.00496
Exploits: 0 | References: 2
OSV
•added 2024/02/13 10:14 p.m.•6 views

CVE-2024-25121 Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3, entities of the File Abstraction Layer (FAL) could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...

CVSS 7.1 | AI score 6.8 | EPSS 0.00496
Exploits: 0 | References: 4
Positive Technologies
•added 2024/02/13 12:0 a.m.•3 views

PT-2024-20762 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS; TYPO3 versions prior to 9.5.46 ELTS; TYPO3 versions prior to 10.4.43 ELTS; TYPO3 versions prior to 11.5.35 LTS; TYPO3 versions prior to 12.4.11 LTS; TYPO3 versions prior to 13.0.1. Description: In affected...

CVSS 7.1 | AI score 7.1 | EPSS 0.00496
Exploits: 0 | References: 13
CNNVD
•added 2024/02/05 12:0 a.m.•5 views

phpMyFAQ Security Vulnerabilities

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.4, which stems from an insecure fallback of a filename in phpMyFAQphpmyfaqadminattachments.php that could result in allowing JavaScript...

CVSS 6.5 | AI score 6.9 | EPSS 0.0088
Exploits: 1 | References: 4
OSV
•added 2023/12/22 11:6 a.m.•4 views

OESA-2023-1935 golang security update

Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...

CVSS 7.5 | AI score 5.1 | EPSS 0.01208
Exploits: 0 | References: 3
RedhatCVE
•added 2023/12/07 12:35 p.m.•54 views

CVE-2023-45285

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available. Mitigation: This issue only affects users who are not using the module proxy and are fetching modules directly i.e...

CVSS 7.5 | AI score 6.7 | EPSS 0.01137
Exploits: 0 | References: 4
SUSE CVE
•added 2023/12/07 2:5 a.m.•2 views

SUSE CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 6.5 | AI score 7.4 | EPSS 0.01137
Exploits: 0 | References: 10
OSV
•added 2023/12/06 5:15 p.m.•4 views

AZL-32101 CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 | AI score 6.8 | EPSS 0.01137
Exploits: 0 | References: 1
OSV
•added 2023/12/06 5:15 p.m.•4 views

AZL-32103 CVE-2023-45285 affecting package msft-golang for versions less than 1.22.3-1.

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 | AI score 6.8 | EPSS 0.01137
Exploits: 0 | References: 1
Cvelist
•added 2023/12/06 4:27 p.m.•27 views

CVE-2023-45285 Command 'go get' may unexpectedly fallback to insecure git in cmd/go

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

AI score 7.7 | EPSS 0.01137
Exploits: 0 | References: 5
Debian CVE
•added 2023/12/06 4:27 p.m.•46 views

CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 | AI score 7 | EPSS 0.01137
Exploits: 0
OSV
•added 2023/12/06 4:22 p.m.•29 views

GO-2023-2383 Command 'go get' may unexpectedly fallback to insecure git in cmd/go

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 | AI score 7.7 | EPSS 0.01137
Exploits: 0 | References: 3
RedHat Linux
•added 2023/11/14 3:46 p.m.•2 views

kernel: Linux kernel: Denial of Service due to incorrect FDIR filter fallback logic

A flaw was found in the Linux kernel. Incorrect fallback logic within the FDIR (Flow Director) filter handling of the 'ice' network driver can occur when adding a filter. A local attacker with low privileges could exploit this flaw, leading to a memory leak. This memory leak could eventually result...

AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 5
Code423n4
•added 2023/11/10 12:0 a.m.•8 views

PartyGovernance contract cannot accept Eth

Lines of code. Vulnerability details. Impact: The PartyGovernance contract does not have payable in its fallback function, which is the main context of allowing a contract to accept Ether, or else it will revert or be lost forever if received. Proof of Concept: Lack of payable fallback function is...

AI score 7
Exploits: 0