Read Time:9 Second
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.
Daily Archives: July 18, 2023
CVE-2021-32256
Read Time:8 Second
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
CVE-2020-23911
Read Time:10 Second
An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service.
CVE-2020-23910
Read Time:6 Second
Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.
CVE-2020-23909
Read Time:6 Second
Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1.
iperf3-3.14-1.fc39
Read Time:16 Second
FEDORA-2023-58163f7e2d
Packages in this update:
iperf3-3.14-1.fc39
Update description:
Automatic update for iperf3-3.14-1.fc39.
Changelog
* Tue Jul 18 2023 Jonathan Wright <jonathan@almalinux.org> – 3.14-1
– update to 3.14 rhbz#2183634
– Security fix for CVE-2023-38403 rhbz#2222204 rhbz#2223495
JumpCloud Confirms Data Breach By Nation-State Actor
Read Time:4 Second
The attack vector was identified as data injection into the firm’s commands framework
USN-6233-1: YAJL vulnerabilities
Read Time:42 Second
It was discovered that YAJL was not properly performing bounds checks when
decoding a string with escape sequences. If a user or automated system
using YAJL were tricked into processing specially crafted input, an
attacker could possibly use this issue to cause a denial of service
(application abort). (CVE-2017-16516)
It was discovered that YAJL was not properly handling memory allocation
when dealing with large inputs, which could lead to heap memory
corruption. If a user or automated system using YAJL were tricked into
running a specially crafted large input, an attacker could possibly use
this issue to cause a denial of service. (CVE-2022-24795)
It was discovered that memory leaks existed in one of the YAJL parsing
functions. An attacker could possibly use this issue to cause a denial of
service (memory exhaustion). (CVE-2023-33460)
CVE-2018-25088
Read Time:27 Second
A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability.
mingw-qt6-qtbase-6.5.1-2.fc38
Read Time:7 Second
FEDORA-2023-364ae10761
Packages in this update:
mingw-qt6-qtbase-6.5.1-2.fc38
Update description:
Backport fix for CVE-2023-38197.