172 matches found

OSV
added 2023/11/24 4:10 p.m. · 8 views

SUSE-SU-2023:4561-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 bsc1217210: - CVE-2023-41983: Processing web content may lead to a denial-of-service. - CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: - CVE-2022-32919: Visitin...

CVSS 8.8 · AI score 6.8 · EPSS 0.01736
Exploits 0 · References 9
Vulnrichment
added 2023/04/07 12:0 a.m. · 8 views

CVE-2023-24799

D-Link DIR878 DIR878FW120B05 was discovered to contain a stack overflow in the sub48AF78 function. This vulnerability allows attackers to cause a Denial of Service DoS or execute arbitrary code via a crafted payload...

AI score 8.4 · EPSS 0.01108
Exploits 0 · References 2
Amazon
added 2023/03/22 12:0 a.m. · 5 views

Important: rsyslog

Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...

CVSS 8.1 · AI score 8.1 · EPSS 0.07546
Exploits 1
OSV
added 2023/03/11 7:0 p.m. · 10 views

MGASA-2023-0083 Updated dcmtk packages fix security vulnerability

Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2021-41687, CVE-2021-41688, CVE-2021-41689,...

CVSS 9.8 · AI score 7.2 · EPSS 0.02414
Exploits 2 · References 6
F5 Networks
added 2023/02/21 6:35 p.m. · 42 views

K51317292: glibc vulnerability CVE-2020-1751

Security Advisory Description An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential...

CVSS 7 · AI score 7.6 · EPSS 0.00537
Exploits 0
Positive Technologies
added 2023/01/11 12:0 a.m. · 3 views

PT-2023-14072 · Nvidia · Nvidia Bmc

Name of the Vulnerable Software and Affected Versions: NVIDIA BMC affected versions not specified Description: The issue is related to a buffer overflow in the IPMI handler of NVIDIA BMC. An authorized attacker can exploit this to cause a denial of service or potentially gain code execution...

CVSS 8.4 · AI score 7.8 · EPSS 0.00253
Exploits 0 · References 3
SonicWall
added 2022/03/24 11:31 p.m. · 18 views

Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service DoS or potentially results in code execution in the firewall. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have be...

CVSS 9.4 · AI score 10 · EPSS 0.57324
Exploits 3
Vulnrichment
added 2022/01/14 12:0 a.m. · 6 views

CVE-2022-23219

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is no...

AI score 9.8 · EPSS 0.04177
Exploits 1 · References 4
NVD
added 2022/01/13 7:15 p.m. · 13 views

CVE-2021-40574

The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gftextgetutf8line function in loadtext.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges...

CVSS 7.8 · EPSS 0.01324
Exploits 1 · References 5
UbuntuCve
added 2022/01/13 6:15 p.m. · 26 views

CVE-2021-40571

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilstboxread function in boxcodeapple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges...

CVSS 7.8 · AI score 7.5 · EPSS 0.01189
Exploits 1 · References 1
UbuntuCve
added 2021/11/15 9:15 p.m. · 32 views

CVE-2021-42382

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvars function...

CVSS 7.2 · AI score 7.3 · EPSS 0.02613
Exploits 0 · References 3
Vulnrichment
added 2021/11/15 12:0 a.m. · 5 views

CVE-2021-42382

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvars function...

AI score 7.7 · EPSS 0.02613
Exploits 0 · References 5
Vulnrichment
added 2021/11/15 12:0 a.m. · 10 views

CVE-2021-42386

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function...

AI score 7.7 · EPSS 0.02613
Exploits 0 · References 5
Vulnrichment
added 2021/11/15 12:0 a.m. · 8 views

CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

AI score 7.7 · EPSS 0.02117
Exploits 0 · References 5
CNVD
added 2021/11/12 12:0 a.m. · 3 views

BusyBox Resource Management Error Vulnerability (CNVD-2021-88214)

BusyBox is a set of applications containing several linux commands and tools by Denis Vlasenko, a Ukrainian personal developer. A resource management error vulnerability exists in the Busybox awk applet, which stems from a denial of service due to "use after free" in Busybox's awk applet when...

CVSS 7.2 · AI score 7 · EPSS 0.02871
Exploits 0 · References 1
OpenVAS
added 2021/06/09 12:0 a.m. · 19 views

SUSE: Security Advisory (SUSE-SU-2015:0889-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.7 · AI score 7.4 · EPSS 0.15275
Exploits 1 · References 2
CNVD
added 2021/05/17 12:0 a.m. · 2 views

Linux kernel competitive conditions issue vulnerability (CNVD-2021-37740)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Condition Issue vulnerability that stems from the sctpdestroysock function causing memory corruption, which triggers a denial of service...

CVSS 7 · AI score 6.7 · EPSS 0.00482
Exploits 1 · References 1
OpenVAS
added 2021/04/19 12:0 a.m. · 17 views

SUSE: Security Advisory (SUSE-SU-2021:0492-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7.7 · EPSS 0.09147
Exploits 1 · References 4
CNVD
added 2021/03/30 12:0 a.m. · 9 views

QEMU Buffer Overflow Vulnerability (CNVD-2021-26375)

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger a memory corruption, which triggers a denial ...

CVSS 5.7 · AI score 7 · EPSS 0.00485
Exploits 0 · References 1
CNVD
added 2021/03/05 12:0 a.m. · 7 views

ytnef double release vulnerability

ytnef is a program that collaborates with procmail to decode TNEF streams. A double release vulnerability exists in the TNEFSubjectHandler function in lib/ytnef.c in ytnef 1.9.3. A remote attacker can exploit this vulnerability via specially crafted files to cause a denial of service and possibly...

CVSS 7.8 · AI score 7.2 · EPSS 0.01751
Exploits 1 · References 1