PT-2023-27181 · Unknown · Uthenticode

Name of the Vulnerable Software and Affected Versions: uthenticode version 1.0.9 Description: uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address,...

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2023-2581)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit...

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification leading to an out-of-bounds read.

...

SUSE-SU-2023:2957-1 Security update for python39

This update for python39 fixes the following issues: Update to 3.9.17: - urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 bsc1208471. - Fixed a security in flaw in uu.decode that could all...

SUSE CVE-2023-38432

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read...

Linux kernel smb2misc.c file out-of-bounds read vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.3.10, which stems from the fact that fs/smb/server/smb2misc.c does not validate the relationsh...

CVE-2023-38432

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read...

CVE-2023-37475 Attacker-controlled parameter can cause denial of service in hamba avro

Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...

GHSA-VC79-65PR-Q82V rswag vulnerable to arbitrary JSON and YAML file read via directory traversal

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...

LSP8 and LSP9's ERC-165 interface ID differs from their specification

Lines of code Vulnerability details Bug Description According to LSP7's specification, the ERC-165 interface ID for LSP7 token contracts should be 0x5fcaac27: ERC165 interface id: 0x5fcaac27 However, INTERFACEIDLSP7 has a different value in the code: LSP7Constants.solL4-L5 // --- ERC165 interface...

LSP8CompatibleERC721's approve() deviates from ERC-721 specification

Lines of code Vulnerability details Bug Description The LSP8CompatibleERC721 contract is a wrapper around LSP8 that is meant to function similarly to ERC-721 tokens. One of its implemented functions is ERC-721's approve: LSP8CompatibleERC721.solL155-L158 function approveaddress operator, uint256...

The vulnerability in the implementation of the Bluetooth Classic protocol, as specified in the Bluetooth Core Specification, allows a perpetrator to disclose protected information.

The vulnerability of the Bluetooth Classic protocol implementation, as described in the Bluetooth Core Specification, is related to insufficient protection of service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

The vulnerability of the application for simplifying and standardizing the distribution of content within Open Container Initiative Distribution Specification (OCI Distribution Specification) lies in a type mixing error. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the application for simplifying and standardizing the distribution of content within Open Container Initiative Distribution Specification OCI Distribution Specification is related to an error in mixing types during the processing of the Content-Type header, which contains...

Amazon Linux 2023 : runc (ALAS2023-2023-231)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-231 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.

...

Overcoming Challenges in Delivering Machine Learning Models from Research to Production

So, you’ve finished your research. You developed a machine learning ML model, tested, and validated it and you’re now ready to start development, and then push the model to production. The hard work -- the research -- is finally behind you. Or is it? Understanding the Challenges in Machine Learni...

DEBIAN-CVE-2023-3316

A NULL pointer dereference in TIFFClose is caused by a failure to open an output file non-existent path or a path that requires permissions like /dev/null while specifying zones...

UBUNTU-CVE-2023-3316

A NULL pointer dereference in TIFFClose is caused by a failure to open an output file non-existent path or a path that requires permissions like /dev/null while specifying zones...

fast-xml-parser regex vulnerability patch could be improved from a safety perspective

Summary This is a comment on https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw and the patches fixing it. Details The code which validates a name calls the validator:...

EulerOS Virtualization 3.0.6.0 : binutils (EulerOS-SA-2023-2207)

According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Assertion fail in the displaydebugnames function in binutils/dwarf.c may lead to program crash and denial of service.CVE-2022-381...