20 matches found
TencentOS Server 4: R (TSSA-2024:0936)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0936 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Azure Linux 3.0 Security Update: R (CVE-2024-27322)
The version of R installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27322 advisory. - Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at...
CVE-2024-27322 affecting package R for versions less than 4.4.1-1
CVE-2024-27322 affecting package R for versions less than 4.4.1-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: R (CVE-2024-27322)
The version of R installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27322 advisory. - Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at...
CVE-2024-27322 affecting package R for versions less than 4.1.0-5
CVE-2024-27322 affecting package R for versions less than 4.1.0-5. A patched version of the package is available...
Important: R
Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system...
Amazon Linux AMI : R (ALAS-2024-1940)
The version of R installed on the remote host is prior to 3.4.1-1.53. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1940 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not...
Important: R
Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system...
Amazon Linux 2023 : libRmath, libRmath-devel, libRmath-static (ALAS2023-2024-638)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-638 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data...
Fedora: Security Advisory for R (FEDORA-2024-bc590cb3f1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-07b7b83a4f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : R (2024-bc590cb3f1)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc590cb3f1 advisory. Security fix for CVE-2024-27322 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 39 : R (2024-07b7b83a4f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07b7b83a4f advisory. Security fix for CVE-2024-27322 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a1e2bad-0836-11ef-9fd2-1c697a616631 advisory. - Deserialization of untrusted data can occur in the R statistical programming language, on any version...
CERT/CC Reports R Programming Language Vulnerability
CERT Coordination Center CERT/CC has released information on a vulnerability in R programming language implementations CVE-2024-27322link is external. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the...
CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user’s system when interacted...
CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user’s system when interacted...
CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user’s system when interacted...
CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user’s system when interacted...
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS R Data Serialization file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322 CVSS...