CVE-2023-43123
On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method...
Design/Logic Flaw
On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method...
CVE-2023-43123
CVE-2023-43123 affects Apache Storm (Storm-core) on Unix-like systems where a shared temporary directory can allow other local users to read sensitive data written by temp files created via File.createTempFile (permissions -rw-r--r-- by default). The issue is triggered when the system property 'j...
CVE-2023-43123 Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method...
Oracle Linux 9 : cups (ELSA-2023-6596)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6596 advisory. - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation - CVE-2023-34241 cups: use-after-free in cupsdAcceptClient in...
RHEL 9 : cups (RHSA-2023:6596)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6596 advisory. The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups...
Rocky Linux 8 : Satellite 6.11 Release (Moderate) (RLSA-2022:5498)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5498 advisory. - Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol serve...
SUSE SLES12 Security Update : cups (SUSE-SU-2023:3706-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3706-1 advisory. - An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey...
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2023-2856)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2023-2839)
The remote host is missing an update for the Huawei EulerOS...
[SECURITY] Fedora 37 Update: kernel-6.4.13-100.fc37
The kernel meta package...
Oracle Linux 8 : rust-toolset:ol8 (ELSA-2023-4635)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4635 advisory. 1.66.1-2 - rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 Tenable has extracted the preceding description block direct...
Oracle Linux 9 : rust (ELSA-2023-4634)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4634 advisory. 1.66.1-2 - rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 Tenable has extracted the preceding description block direct...
Integer overflow
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...
CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...
Rocky Linux 9 : rust (RLSA-2023:4634)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4634 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2023:4635)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4635 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
Fedora 37 : rust (2023-4824704a61)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4824704a61 advisory. Security fix for CVE-2023-38497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
AlmaLinux 9 : rust (ALSA-2023:4634)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4634 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respe...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.71 (SUSE-SU-2023:3251-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3251-1 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2...