[SECURITY] Fedora 38 Update: mingw-qt6-qtbase-6.5.1-2.fc38
This package contains the Qt software toolkit for developing cross-platform applications. This is the 32-bit Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
PT-2023-14293 · Arm · Arm Compiler 5 (Ac5) +11
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue arises when the installation directory lacks sufficiently restrictive file permissions, allowing an attacker to modify files and execute malicious code. Recommendations: At the...
ARM Compiler Code Issue Vulnerability
ARM Compiler is a tool from ARM UK for compiling and generating applications for the ARM architecture. ARM Compiler suffers from a security vulnerability that stems from an installer program that loads or executes files using an unconstrained search path, which may be vulnerable to an...
ARM Compiler Security Vulnerability
ARM Compiler is a tool from ARM UK for compiling and generating applications for the ARM architecture. ARM Compiler suffers from a security vulnerability that originates when a directory containing the installer does not have sufficiently restricted file permissions, allowing an attacker to modif...
ARM Compiler Security Vulnerability
ARM Compiler is a tool from ARM UK for compiling and generating applications for the ARM architecture. A security vulnerability exists in ARM Compiler that originates when the installation directory does not have sufficiently restricted file permissions, which could allow an attacker to modify...
PT-2023-14295 · Arm · Arm Compiler 5 (Ac5) +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns an installer that loads or executes files using an unconstrained search path, making it potentially vulnerable to attacks where an...
CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...
Moderate: Red Hat Security Advisory: java-11-openjdk security and bug fix update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
ALSA-2023:4175 Moderate: java-11-openjdk security and bug fix update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 OpenJDK: improper handling o...
Oracle OpenJDK Vulnerability (CVE-2023-22044)
Oracle OpenJDK is prone to a vulnerability in the hotspot/compiler component. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle Java SE Security Vulnerability
Oracle Java SE and Oracle GraalVM are both products of Oracle Corporation. Oracle Java SE is a product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle GraalVM is a set of on-the-fly compilers written in the Java language...
Amazon Corretto Java 17.x < 17.0.8.7.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17 17.0.8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2023-Jul-18 advisory. - core-libs/java.net CVE-2023-22006 - core-libs/java.util CVE-2023-22036 - hotspot/compiler...
RLSA-2023:3923 Critical: go-toolset and golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: cmd/go: go command may generate unexpected code at build time when using cgo CVE-2023-29402 golang:...
Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-3923)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3923 advisory. - New Go version 1.19.10 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 go-toolset Tenable has extracted the preceding description block...
AlmaLinux 9 : go-toolset and golang (ALSA-2023:3923)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3923 advisory. - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cg...
Critical: Red Hat Security Advisory: go-toolset and golang security update
An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
golang: cmd/cgo: Arbitrary code execution triggered by linker flags
A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...
ALSA-2023:3923 Critical: go-toolset and golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: cmd/go: go command may generate unexpected code at build time when using cgo CVE-2023-29402 golang:...
CentOS 8 : go-toolset:rhel8 (CESA-2023:3922)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:3922 advisory. - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses...
CVE-2023-29405
A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...