3043 matches found
AZL-34093 CVE-2023-40548 affecting package shim-unsigned-x64 for versions less than 15.8-1
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...
AZL-35263 CVE-2023-40548 affecting package shim-unsigned-aarch64 for versions less than 15.8-3
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...
AZL-33895 CVE-2023-40547 affecting package shim-unsigned-x64 for versions less than 15.8-1
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...
AZL-35267 CVE-2023-40547 affecting package shim-unsigned-aarch64 for versions less than 15.8-3
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...
AZL-35278 CVE-2023-40547 affecting package shim-unsigned-x64 for versions less than 15.8-3
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...
protobuf-c: unsigned integer overflow in parse_required_member
A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member...
PT-2024-7325
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a possible divide-by-zero error in the wb_dirty_limits function. This error occurs because the thresh value, which is an unsigned long, is passed as a u32 divis...
RHEL 8 : protobuf-c (RHSA-2024:0406)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0406 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parse_required_membe...
EulerOS Virtualization 3.0.6.0 : protobuf-c (EulerOS-SA-2023-3447)
According to the versions of the protobuf-c packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. CVE-2022-48468 Note that Tenable Network...
EulerOS Virtualization 2.11.1 : protobuf-c (EulerOS-SA-2023-2738)
According to the versions of the protobuf-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. CVE-2022-48468 Note that Tenable Network...
EulerOS Virtualization 2.11.0 : protobuf-c (EulerOS-SA-2023-2769)
According to the versions of the protobuf-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. CVE-2022-48468 Note that Tenable Network...
EulerOS 2.0 SP8 : protobuf-c (EulerOS-SA-2023-3148)
According to the versions of the protobuf-c packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. CVE-2022-48468 Note that Tenable Network Security has...
PT-2024-40803 · Git +1 · Libjxl
Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided in the input descriptions. Description: A crash has been reported due to a global buffer overflow read of 16 bytes. The issue is related to the jxl::N_AVX2::WriteToOutputStage module,...
AZL-35291 CVE-2023-7008 affecting package systemd-bootstrap for versions less than 250.3-18
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
AZL-32271 CVE-2023-7008 affecting package systemd-bootstrap for versions less than 250.3-13
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
AZL-43171 CVE-2023-7008 affecting package systemd for versions less than 255-20
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
AZL-32270 CVE-2023-7008 affecting package systemd for versions less than 250.3-22
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
DEBIAN-CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
UBUNTU-CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...