MiracleLinux 7 : glibc-2.17-326.3.0.1.el7.AXS7 (AXSA:2024-8594:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8594:08 advisory. CVE-2021-3999: getcwd - Set errno to ERANGE for size == 1 CVE-2021-35942: wordexp - handle overflow in positional parameter number CVE-2022-23218:...

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-9169 DESCRIPTION: GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buff...

Siemens SIMATIC S7-1500 TM MFP BIOS Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CVE-2022-23219)

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is no...

glibc security update

2.17-326.0.9.3 - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi Oracle history: June-22-2023 Cupertino Miranda - 2.17-326.0.9 - OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed free of stack allocations. Reviewed-by: Jose E. Marchesi June-20-2023...

Oracle Linux 7 : glibc (ELSA-2024-12444)

"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory. 2.17-326.0.9.3 - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi Oracle history: June-22-2023 Cupertino Miranda - 2.17-326.0....

USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library ...

Solaris 10 (x86) : 148420-04

SunOS 5.10x86: nssdns patch. Date this patch was last updated by Sun : Jan/16/23 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

Solaris 10 (sparc) : 148419-04

SunOS 5.10: nssdns patch. Date this patch was last updated by Sun : Jan/16/23 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to stack-based buffer overflow in GNU C Library (CVE-2022-23219)

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to stack-based buffer overflow in GNU C Library CVE-2022-23219. This is included as part of the base-image used in our Speech-to-Text and Text-to-Speech service components. Please see below fo...

NewStart CGSL MAIN 6.02 : glibc Multiple Vulnerabilities (NS-SA-2022-0085)

The remote NewStart CGSL host, running version MAIN 6.02, has glibc packages installed that are affected by multiple vulnerabilities: - The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE...

Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities

Summary IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities. These components have been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest...

Huawei EulerOS: Security Advisory for compat-glibc (EulerOS-SA-2022-2603)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : glibc (EulerOS-SA-2022-2608)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2022-2560)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5310-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-202208-24 : GNU C Library: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-24 GNU C Library: Multiple Vulnerabilities - The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted patter...

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-23218 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based...

EulerOS Virtualization 2.10.1 : glibc (EulerOS-SA-2022-2051)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its pa...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2022-2051)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : glibc (ELSA-2022-9421)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9421 advisory. 2.17-325.0.3.ksplice1 - Latest Ksplice-aware release. 2.17-325.0.3 - OraBug 33968985 Security Patches This release fixes CVE-2022-23219, CVE-2022-23218...