11155 matches found
RHEL 8 : nasm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nasm: use-after-free in pastetokens in asm/preproc.c CVE-2019-8343 - NASM nasm-2.13.03 nasm- 2.14rc15...
RHEL 6 : byacc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - byacc: malloc incorrectly accessing released memory leads to use after free CVE-2021-33641 - When a file ...
RHEL 8 : rubygem-asciidoctor (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-asciidoctor: Infinite loop in the nextblock method CVE-2018-18385 Note that Nessus has not tested for this...
RHEL 6 : libxpm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXpm: Out-of-bounds write in XPM extension parsing CVE-2016-10164 - A flaw was found in libXpm. When...
RHEL 6 : rubygems (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygems: Improper verification of signatures in tarball allows to install mis-signed gem CVE-2018-100007...
RHEL 5 : quagga (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - quagga: VPNv4 NLRI parser memcpys to stack on unchecked length CVE-2016-2342 - quagga: Double free...
RHEL 6 : cairo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cairo: libreoffice slideshow aborts with stack smashing in cairo's compositeboxes CVE-2020-35492 - Intege...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:1587-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1587-1 advisory. Update to go1.22.3: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin...
RHEL 7 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: arbitrary command execution via VCS path CVE-2018-7187 - golang: Command-line arguments may...
RHEL 6 : wireshark (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wireshark: free operation on an uninitialized memory address in wiretap/netmon.c CVE-2018-6836 - The...
RHEL 5 : wireshark (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wireshark: free operation on an uninitialized memory address in wiretap/netmon.c CVE-2018-6836 - The...
RHEL 6 : ncurses (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ncurses: Stack-based buffer overflow caused by format string vulnerability in fmtentry function...
RHEL 7 : qpdf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpdf: stack exhaustion in QPDFObjectHandle and QPDFDictionary classes in libqpdf.a CVE-2018-9918 - A...
RLSA-2024:2549 Moderate: skopeo security and bug fix update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms...
buildah bug fix update
An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...
RLSA-2024:2264 Important: edk2 security update
EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message CVE-2023-45235 EDK2: heap buffer...
edk2 security update
An update is available for edk2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...
CVE-2024-30172
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...
CVE-2024-30172
CVE-2024-30172 refers to a vulnerability in Bouncy Castle Java Cryptography APIs prior to 1.78 where an Ed25519 verification path can enter an infinite loop when processing a crafted signature and public key. The connected IBM security bulletin confirms the same CVE-ID and recommends upgrading to...
Security Bulletin: TPF Toolkit is affected by vulnerabilities in the Eclipse IDE and Apache Commons Compress
Summary The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure CVE-2023-4218. Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature CVE-2024-26308, CVE-2024-25710...