5093 matches found

RedHat Linux
added 2024/03/05 4:29 p.m. | 3 views

gmp: Integer overflow and resultant buffer overflow via crafted input

A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 7.4 | EPSS 0.03425
Exploits: 1 | References: 7
RedHat Linux
added 2024/03/05 8:23 a.m. | 2 views

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 6.8 | EPSS 0.01888
Exploits: 1 | References: 4
Tenable Nessus
added 2024/02/29 12:0 a.m. | 25 views

CentOS 9 : xorg-x11-server-Xwayland-21.1.3-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the xorg-x11-server-Xwayland-21.1.3-5.el9 build changelog. - A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in...

CVSS 8.8 | AI score 6.7 | EPSS 0.02619
Exploits: 0 | References: 15
Tenable Nessus
added 2024/02/29 12:0 a.m. | 37 views

CentOS 9 : shim-unsigned-x64-15.6-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the shim-unsigned-x64-15.6-1.el9 build changelog. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot...

CVSS 8.2 | AI score 7.9 | EPSS 0.01738
Exploits: 0 | References: 9
Tenable Nessus
added 2024/02/29 12:0 a.m. | 34 views

CentOS 9 : kernel-5.14.0-347.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-347.el9 build changelog. - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious conte...

CVSS 9.8 | AI score 7.1 | EPSS 0.89063
Exploits: 226 | References: 121
Tenable Nessus
added 2024/02/29 12:0 a.m. | 23 views

CentOS 9 : linuxptp-3.1.1-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the linuxptp-3.1.1-2.el9 build changelog. - A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows...

CVSS 8.8 | AI score 7.7 | EPSS 0.02955
Exploits: 0 | References: 3
Tenable Nessus
added 2024/02/29 12:0 a.m. | 27 views

CentOS 9 : ghostscript-9.54.0-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ghostscript-9.54.0-4.el9 build changelog. - A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe...

CVSS 9.9 | AI score 8.2 | EPSS 0.83913
Exploits: 0 | References: 2
Tenable Nessus
added 2024/02/29 12:0 a.m. | 16 views

CentOS 9 : xorg-x11-server-1.20.11-15.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the xorg-x11-server-1.20.11-15.el9 build changelog. - A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the...

CVSS 8.8 | AI score 6.7 | EPSS 0.02619
Exploits: 0 | References: 15
RedHat Linux
added 2024/02/28 5:32 a.m. | 5 views

edk2: Buffer overflow in the DHCPv6 client via a long Server ID option

A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message...

CVSS 8.8 | AI score 6.3 | EPSS 0.01223
Exploits: 1 | References: 6
Rosalinux
added 2024/02/20 9:45 a.m. | 56 views

Advisory ROSA-SA-2024-2355

Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2020-14339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability was discovered in libvirt that caused the /dev/mapper/control file descriptor to be exposed to...

CVSS 8.8 | AI score 6.6 | EPSS 0.00416
Exploits: 0
CNVD
added 2024/02/19 12:0 a.m. | 5 views

Huawei EMUI and Huawei HarmonyOS Improper Access Control Vulnerability (CNVD-2025-07825)

Huawei EMUI and Huawei HarmonyOS are both products of Huawei, a Chinese company. Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is an operating system... An improper access control vulnerability exists in Huawei EMUI and Huawei HarmonyOS. An attacker could exploit this...

CVSS 7.7 | AI score 6.7 | EPSS 0.00119
Exploits: 0 | References: 1
CNNVD
added 2024/02/18 12:0 a.m. | 3 views

Huawei EMUI Security Vulnerability

Huawei EMUI and Huawei HarmonyOS are both products of Huawei, a Chinese company. Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is an operating system... An improper access control vulnerability exists in Huawei EMUI and Huawei HarmonyOS. An attacker could exploit this...

CVSS 7.7 | AI score 6.5 | EPSS 0.00119
Exploits: 0 | References: 3
ICS
added 2024/02/13 12:0 a.m. | 83 views

Siemens SCALANCE XCM-/XRM-300

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.5 | AI score 10 | EPSS 0.03546
Exploits: 1 | References: 12
CISA KEV Catalog
added 2024/02/13 12:0 a.m. | 54 views

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both...

CVSS 7.6 | AI score 7.5 | EPSS 0.30344
In wild | Exploits: 0
Tenable Nessus
added 2024/02/12 12:0 a.m. | 69 views

Rocky Linux 8 : rpm (RLSA-2024:0647)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0647 advisory. - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response t...

CVSS 7.8 | AI score 6.6 | EPSS 0.00491
Exploits: 3 | References: 7
Tenable Nessus
added 2024/02/02 12:0 a.m. | 58 views

AlmaLinux 8 : rpm (ALSA-2024:0647)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0647 advisory. - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to...

CVSS 7.8 | AI score 6.6 | EPSS 0.00491
Exploits: 3 | References: 4
Tenable Nessus
added 2024/02/01 12:0 a.m. | 50 views

Oracle Linux 8 : rpm (ELSA-2024-0647)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0647 advisory. - Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset Orabug: 36256318 - Backport file handlin...

CVSS 6.7 | AI score 6.9 | EPSS 0.00491
Exploits: 3 | References: 4
Tenable Nessus
added 2024/02/01 12:0 a.m. | 64 views

RHEL 8 : rpm (RHSA-2024:0647)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0647 advisory. The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and...

CVSS 6.7 | AI score 6.9 | EPSS 0.00491
Exploits: 3 | References: 9
RedHat Linux
added 2024/01/30 1:30 p.m. | 0 views

rpm: TOCTOU race in checks for unsafe symlinks

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...

CVSS 7.8 | AI score 7.1 | EPSS 0.00412
Exploits: 1 | References: 4
Tenable Nessus
added 2024/01/30 12:0 a.m. | 41 views

RHEL 8 : rpm (RHSA-2024:0582)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0582 advisory. The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and...

CVSS 6.7 | AI score 6.9 | EPSS 0.00491
Exploits: 3 | References: 9