48 matches found
PT-2026-47560
Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a On² algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...
EUVD-2023-29157
Malicious code in bioql PyPI...
RLSA-2024:2980 Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
Linux Distros Unpatched Vulnerability : CVE-2023-25193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base...
Amazon Linux 2 : harfbuzz (ALAS-2024-2587)
The version of harfbuzz installed on the remote host is prior to 1.7.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2587 advisory. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the proces...
Medium: harfbuzz
Issue Overview: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVE-2023-25193 Affected Packages: harfbuzz Note: This advisory is applicable to Amazon Linux 2...
harfbuzz security update
1.7.5-4 - Resolves:RHEL-8400 allows attackers to trigger On^2 growth via consecutive marks...
RHEL 8 : harfbuzz (RHSA-2024:2980)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2980 advisory. HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks...
Moderate: Red Hat Security Advisory: harfbuzz security update
An update for harfbuzz is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2024:2980 Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
EulerOS Virtualization 3.0.6.6 : harfbuzz (EulerOS-SA-2024-1652)
According to the versions of the harfbuzz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the...
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2024-1652)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: harfbuzz security update
An update for harfbuzz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2024-1142)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : harfbuzz (EulerOS-SA-2024-1142)
According to the versions of the harfbuzz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking...
EulerOS 2.0 SP11 : grpc (EulerOS-SA-2023-3007)
According to the versions of the grpc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exception...
EulerOS Virtualization 3.0.6.0 : harfbuzz (EulerOS-SA-2023-3432)
According to the versions of the harfbuzz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the...
K000135674: HarfBuzz vulnerability CVE-2023-25193
Security Advisory Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVE-2023-25193 Impact There is no impact; F5 products are not affected by this...
java-17-openjdk security and bug fix update
1:17.0.8.0.7-2.0.1 - OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 - OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 - OpenJDK: improper handling of slash characters in URI-to-path conversion 8305312 CVE-2023-22049 - harfbuzz: OpenJDK: On^2 growth via consecutive...