
234 matches found

OSV
added 2023/11/27 10:15 p.m., 1 view

DEBIAN-CVE-2023-42363

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1...

CVSS 5.5, AI score 6.6, EPSS 0.00033
Exploits 1, References 1
OSV
added 2023/11/12 1:1 p.m., 4 views

OPENSUSE-SU-2023:0366-1 Security update for vlc

This update for vlc fixes the following issues:

Update to version 3.0.20:
+ Video Output:
  - Fix green line in fullscreen in D3D11 video output
  - Fix crash with some AMD drivers old versions
  - Fix events propagation issue when double-clicking with mouse wheel
+ Decoders:
  - Fix crash when AV1...

CVSS 9.8, AI score 9, EPSS 0.92544
Exploits 5, References 5
OSV
added 2023/11/11 1:15 a.m., 16 views

CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buffers or remote execution when sending network buffers to a remote peer...

CVSS 9.8, AI score 9.8, EPSS 0.0383
Exploits 0, References 5
OSV
added 2023/11/05 1:1 p.m., 15 views

OSV-2023-1115 Use-of-uninitialized-value in fp_uninit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63867
Crash type: Use-of-uninitialized-value
Crash state: fp_uninit cryptofuzz::module::libecc::OpECC_ValidatePubkey cryptofuzz::ExecutorBase::callM...

AI score 7.2
Exploits 0, References 1
OSV
added 2023/10/22 11:15 p.m., 18 views

CVE-2023-46317

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers...

CVSS 7.5, AI score 7.1
Exploits 0, References 2
OSV
added 2023/09/18 2:0 p.m., 7 views

OSV-2023-873 UNKNOWN WRITE in icu_74::Calendar::set

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62425
Crash type: UNKNOWN WRITE
Crash state: icu_74::Calendar::set calendar_fuzzer.cpp...

AI score 7.2
Exploits 0, References 1
OSV
added 2023/08/24 2:0 p.m., 7 views

OSV-2023-728 Use-of-uninitialized-value in aesEncryptBlock

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61670
Crash type: Use-of-uninitialized-value
Crash state: aesEncryptBlock EncryptStream::lookChar BaseCryptStream::getChar...

AI score 7.2
Exploits 0, References 1
Veracode
added 2023/06/30 7:28 a.m., 14 views

Improper Input Validation

libmongoose.so is vulnerable to Improper Input Validation. The vulnerability is due to the library accepting requests containing negative Content-Length headers because it improperly handles the length parameter in mongoose.c and http.c...

CVSS 7.5, AI score 6.8, EPSS 0.00109
Exploits 0, References 5, Affected Software 1
OSV
added 2023/06/14 3:15 p.m., 10 views

CVE-2023-34540

Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

CVSS 9.8, AI score 9.9
Exploits 0, References 3
OSV
added 2023/06/02 5:15 p.m., 4 views

CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...

CVSS 6.5, AI score 6.2
Exploits 0, References 2
OSV
added 2023/04/25 8:40 p.m., 13 views

CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing

Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...

CVSS 7.5, AI score 8, EPSS 0.001
Exploits 0, References 4
OSV
added 2023/04/24 1:15 p.m., 3 views

CVE-2023-29583

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

CVSS 5.5, AI score 7.8
Exploits 0, References 2
Citrix
added 2023/03/16 12:0 a.m., 9 views

Workspace App 2203 LTSR CU2 displays a blank white box after login

Citrix Workspace App displays a blank white box after login. Issue does not happen when testing older versions of Citrix Workspace App such as 1912CU3...

AI score 7.1
Exploits 0
OSV
added 2023/03/09 12:0 a.m., 21 views

CVE-2022-4317

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects...

CVSS 5, AI score 6.3, EPSS 0.003
Exploits 1, References 5
OSV
added 2023/03/07 1:2 p.m., 6 views

OSV-2023-155 Heap-buffer-overflow in run_container_write

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56710
Crash type: Heap-buffer-overflow WRITE 16
Crash state: run_container_write ra_portable_serialize roaring_bitmap_serialize...

AI score 7.2
Exploits 0, References 1
OSV
added 2023/02/28 5:15 a.m., 19 views

CVE-2023-22995

In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls...

CVSS 7.8, AI score 5.7
Exploits 0, References 3
SUSE CVE
added 2023/02/15 4:1 a.m., 1 view

SUSE CVE-2020-8121

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer...

CVSS 8.1, AI score 8, EPSS 0.00415
Exploits 1, References 3
Ivanti
added 2023/02/14 7:22 a.m., 5 views

JSA10379 - Security Vulnerability in Pulse Connect Secure (PCS) RADIUS authentication mechanism

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. If RADIUS is being used as the authentication mechanism on PCS running an affected release of the OS, then in a specific scenario, an unauthenticated user may be able to get past the...

AI score 7.3
Exploits 0
Schneier on Security
added 2022/12/15 12:10 p.m., 10 views

A Security Vulnerability in the KmsdBot Botnet

Security researchers found a software bug in the KmsdBot cryptomining botnet: With no error-checking built in, sending KmsdBot a malformed command--like its controllers did one day while Akamai was watching--created a panic crash with an "index out of range" error. Because there's no persistence...

AI score 2
Exploits 0
OSV
added 2022/12/08 2:52 a.m., 10 views

GSD-2022-1007987 net: mdio: fix undefined behavior in bit shift for __mdiobus_register

net: mdio: fix undefined behavior in bit shift for __mdiobus_register

This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.78 by commit...

AI score 7.2
Exploits 0