
3385 matches found

CVE
added 2024/05/03 2:11 a.m., 146 views

CVE-2023-40475

CVE-2023-40475 affects the MXF file parsing in GStreamer plugins-bad. The flaw is an integer overflow when handling MXF data, enabling remote code execution within the process if a crafted MXF file is processed. Exploitation is interaction-dependent and depends on the specific plugin/implementati...

CVSS 8.8 | AI score 8.6 | EPSS 0.01871
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/05/03 2:11 a.m., 151 views

CVE-2023-40474

CVE-2023-40474 is a GStreamer MXF parsing vulnerability caused by an integer overflow when processing MXF files, leading to remote code execution in vulnerable GStreamer deployments. The issue stems from insufficient validation of user-supplied data, which allows the overflow to occur during buff...

CVSS 8.8 | AI score 8.7 | EPSS 0.01871
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/05/03 1:59 a.m., 85 views

CVE-2023-38104

CVE-2023-38104 affects GStreamer realmedia parsing: the MDPR chunk parsing path allows an integer overflow when allocating buffers, enabling remote code execution in the context of the affected process. The vulnerability is network-remote with no user authentication required and requires user int...

CVSS 8.8 | AI score 8.5 | EPSS 0.01201
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/05/03 1:58 a.m., 97 views

CVE-2023-38089

CVE-2023-38089 concerns Kofax Power PDF with an Out-of-Bounds Write in the handling of app objects. The flaw arises from insufficient validation of user-supplied data, causing a write past the end of an allocated buffer and enabling Remote Code Execution in the context of the current process. Exp...

CVSS 7.8 | AI score 8 | EPSS 0.00345
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/05/03 1:58 a.m., 123 views

CVE-2023-37329

CVE-2023-37329 concerns a heap-based buffer overflow in GStreamer’s SRT subtitle file parsing. The flaw stems from insufficient validation of the length of user-supplied data before copying to a heap buffer, enabling remote code execution in the affected process. This is tied to ZDI-CAN-20968. Co...

CVSS 8.8 | AI score 8.8 | EPSS 0.01451
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/05/03 1:58 a.m., 143 views

CVE-2023-37328

GStreamer PGS subtitle parsing flaw (CVE-2023-37328) causes a heap-based buffer overflow that can enable remote code execution. It affects gstreamer1-plugins-base and related GStreamer components; the issue arises from inadequate validation of user-supplied data length during PGS subtitle parsing...

CVSS 8.8 | AI score 7.6 | EPSS 0.01812
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/05/03 1:58 a.m., 126 views

CVE-2023-37327

Consolidated: CVE-2023-37327 targets GStreamer, specifically the FLAC file parsing path. The flaw is an integer overflow while handling FLAC data, leading to a heap overwrite and remote code execution. The issue affects gstreamer1-plugins-good (and related GStreamer components) and has had vendor...

CVSS 8.8 | AI score 7.1 | EPSS 0.01537
Exploits: 0 | References: 3 | Affected Software: 1
Talos Blog
added 2024/05/02 6:0 p.m., 20 views

What can we learn from the passwords used in brute-force attacks?

Brute force attacks are one of the most elementary cyber threats out there. Technically, anyone with a keyboard and some free time could launch one of them -- just try a bunch of different username and password combinations on the website of your choice until you get blocked. Nick Biasini and I...

AI score 7.6
Exploits: 0
RedhatCVE
added 2024/05/01 9:57 p.m., 25 views

CVE-2024-27389

In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only d_invalidate is needed Unloading a modular pstore backend with records in pstorefs would trigger the dput double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410 Using the comb...

CVSS 5.5 | AI score 7.2 | EPSS 0.00226
Exploits: 0 | References: 4
UbuntuCve
added 2024/05/01 1:15 p.m., 25 views

CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8i_ce_cipher_unprepare should be called before crypto_finalize_skcipher_request, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...

CVSS 7.8 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 5
Debian CVE
added 2024/05/01 5:27 a.m., 24 views

CVE-2024-26983

In the Linux kernel, the following vulnerability has been resolved: bootconfig: use memblock_free_late to free xbc memory to buddy On the time to free xbc memory in xbc_exit, memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_fre...

CVSS 7.8 | AI score 7.3 | EPSS 0.0023
Exploits: 0
CNNVD
added 2024/05/01 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the occurrence of a deadlock problem...

CVSS 5.5 | AI score 6.5 | EPSS 0.00173
Exploits: 0 | References: 9
CNNVD
added 2024/05/01 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the occurrence of a deadlock problem...

CVSS 5.5 | AI score 6.7 | EPSS 0.00175
Exploits: 0 | References: 9
CNNVD
added 2024/05/01 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the occurrence of a deadlock problem...

CVSS 5.5 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 6
Tenable Nessus
added 2024/04/30 12:0 a.m., 21 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-063)

The version of kernel installed on the remote host is prior to 5.4.110-54.189. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-063 advisory. In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in...

CVSS 5.5 | AI score 6.5 | EPSS 0.00228
Exploits: 0 | References: 4
CVE
added 2024/04/25 4:45 p.m., 393 views

CVE-2024-2467

CVE-2024-2467 is a timing-based side-channel vulnerability in the perl-Crypt-OpenSSL-RSA package affecting legacy PKCS#1 v1.5 padding. The issue can enable plaintext recovery over a network under a Bleichenbacher-style attack if an attacker can send many trial messages. Publicly documented fixes ...

CVSS 5.9 | AI score 5.4 | EPSS 0.00516
Exploits: 0 | References: 4
CVE
added 2024/04/25 4:28 p.m., 167 views

CVE-2024-1657

CVE-2024-1657: A flaw in Red Hat Ansible Automation Platform involves an insecure WebSocket used when interacting with the EDA server during installation from the Ansible rulebook. An attacker with access to any machine in the CIDR block could download all rulebook data, impacting confidentialit...

CVSS 8.1 | AI score 6.5 | EPSS 0.00378
Exploits: 0 | References: 3
CVE
added 2024/04/25 4:0 p.m., 226 views

CVE-2023-6596

Technical details for CVE-2023-6596 are not publicly available in the provided documents. Monitor for updates from Red Hat/OpenShift advisories.

CVSS 7.5 | AI score 7.9 | EPSS 0.00791
Exploits: 17 | References: 4
CVE
added 2024/04/25 3:58 p.m., 169 views

CVE-2023-6484

CVE-2023-6484 describes a log injection flaw in Keycloak occurring when using WebAuthn in authentication form. The vulnerability arises from unsanitized text that can be injected into logs during WebAuthn login/registration, potentially affecting log integrity with a minor impact per CVSS 3.1 met...

CVSS 5.3 | AI score 5.2 | EPSS 0.01008
Exploits: 0 | References: 16
CVE
added 2024/04/25 3:44 p.m., 127 views

CVE-2023-5675

CVE-2023-5675 affects Quarkus RestEasy Classic/Reactive JAX-RS endpoints where methods are declared in abstract classes or altered by extensions via annotation processors; authorization may not be enforced when quarkus.security.jaxrs.deny-unannotated-endpoints or quarkus.security.jaxrs.default-ro...

CVSS 6.5 | AI score 6.3 | EPSS 0.00458
Exploits: 0 | References: 4