748 matches found
DemoIccMAX Buffer Error Vulnerability
DemoIccMAX is an open source demo implementation of the iccMAX color profile by the International Color Consortium. DemoIccMAX has a security vulnerability that stems from the ability to access array elements at out-of-bounds indexes...
Ubuntu 23.10 : CUE vulnerability (USN-6423-2)
The remote Ubuntu 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6423-2 advisory. USN-6423-1 fixed a vulnerability in CUE. This update provides the corresponding updates for Ubuntu 23.10. Tenable has extracted the preceding description block direct...
FreeBSD : libcue -- out-of-bounds array access (ae0ee356-6ae1-11ee-bfb6-8c164567ca3c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ae0ee356-6ae1-11ee-bfb6-8c164567ca3c advisory. - libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are...
Debian: Security Advisory (DLA-3615-1)
The remote host is missing an update for the Debian...
Debian dla-3615 : libcue-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3615 advisory. Debian LTS Advisory DLA-3615-1 https://www.debian.org/lts/security/...
Fedora 37 : libcue (2023-1fe05ac8d9)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1fe05ac8d9 advisory. This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641. See this write-up by Kevin...
Fedora 38 : libcue (2023-eec9ce5935)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-eec9ce5935 advisory. This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641. See this write-up by Kevin...
Fedora 38 : tracker-miners (2023-e8f45c67f5)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e8f45c67f5 advisory. Seccomp jail improvements (CVE-2023-43641). Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Debian DSA-5524-1 : libcue - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5524 advisory. - libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME...
GLSA-202310-10 : libcue: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202310-10 libcue: Arbitrary Code Execution - libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment ca...
Slackware Linux 15.0 / current libcue Vulnerability (SSA:2023-283-01)
The version of libcue installed on the remote host is prior to 2.2.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-283-01 advisory. - libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds arr...
USN-6263-1 openjdk-8, openjdk-lts, openjdk-17 vulnerabilities
Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006) Eirik Bjørsnøs discovered that...
GHSA-29MF-62XX-28JQ buffered-reader vulnerable to out-of-bounds array access leading to panic
Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...
buffered-reader vulnerable to out-of-bounds array access leading to panic
Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...
GHSA-25MX-8F3V-8WH7 sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it ...
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it ...
Improper Access Control
vyper is vulnerable to Improper Access Control. If the length word of a dynarray is on both the left-hand side and the right-hand side of an assignment, it may result in out-of-bounds array access, resulting in call frame data corruption...
RUSTSEC-2023-0039 Out-of-bounds array access leads to panic
Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...
Out-of-bounds array access leads to panic
Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...
CVE-2023-31146
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...