6850 matches found
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability that stems from an out-of-bounds read problem in the parse_lease_state method of the KSMBD implementation of the...
CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...
Debian: Security Advisory (DLA-151-1)
The remote host is missing an update for the Debian...
SUSE CVE-2023-1194
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse_lease_state...
CLSA-2023-1678135993 python2: Fix of CVE-2023-24329
CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...
The vulnerability of the Linux operating system’s Bluetooth driver allows a hacker to gain access to protected information.
The vulnerability of the Linux operating system’s Bluetooth kernel driver is related to the use of an uninitialized variable efs in the l2cap_parse_conf_req function. Exploiting this vulnerability could allow a remote attacker to gain access to protected information...
json5: Prototype Pollution in JSON5 via Parse Method
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse...
PT-2023-9849 · Tcpreplay +3
Name of the Vulnerable Software and Affected Versions: TCPreplay TCPprep version 4.4.3 Description: The issue allows a remote attacker to cause a denial of service via the parse_endpoints function, which is related to pointer dereferencing. This can be exploited by a remote attacker to cause a...
PT-2023-9848 · Tcpreplay +4
Name of the Vulnerable Software and Affected Versions: TCPprep version 4.4.3 Description: The issue allows a remote attacker to cause a denial of service via the parse_list function. This is related to a pointer dereference issue in the PCAP file handler of the Tcpreplay utility. Exploitation of...
PT-2023-35604 · Git +1 · Systemd
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value". The crash state includes functions such as rename process, safe fork full, and pars...
[SECURITY] [DLA 3336-1] node-url-parse security update
Debian LTS Advisory DLA-3336-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 23, 2023 https://wiki.debian.org/LTS Package : node-url-parse Version : 1.2.0-2+deb10u2 CVE ID : CVE-2021-3664 CVE-2021-27515 CVE-2022-0512 CVE-2022-0639 CVE-2022-0686...
DLA-3336-1 node-url-parse - security update
Bulletin has no description...
Debian dla-3336 : node-url-parse - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3336 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3336-1 [email protected]...
Debian: Security Advisory (DLA-3336-1)
The remote host is missing an update for the Debian...
OSV-2023-84 Stack-buffer-overflow in parse_regex
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56121 Crash type: Stack-buffer-overflow READ 1 Crash state: parse_regex parse_regex parse_regex...
DEBIAN-CVE-2023-24329
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...
AZL-31165 CVE-2023-24329 affecting package python3 for versions less than 3.9.14-8
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...