SUSE SLES12 Security Update : hdf5 (SUSE-SU-2022:3824-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3824-1 advisory. - A out of bounds read was discovered in H5VMmemcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of...

SUSE-SU-2022:3829-1 Security update for hdf5

This update for hdf5 fixes the following issues: - CVE-2021-46244: Fixed division by zero leading to DoS bsc1195215. - CVE-2018-13867: Fixed out of bounds read in the function H5Faccumread in H5Faccum.c bsc1101906. - CVE-2018-16438: Fixed out of bounds read in H5Lexternquery at H5Lexternal.c...

OpenSSL: Multiple Vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple buffer overflows exist in OpenSSL's handling of TLS certificates for client authentication. Impa...

OpenSSL -- Buffer overflows in Email verification

The OpenSSL project reports: X.509 Email Address 4-byte Buffer Overflow CVE-2022-3602 High: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. X.509 Email Address Variable Length Buffer Overflow CVE-2022-3786 High: A buffer overrun can b...

Ubuntu 16.04 ESM : LibTIFF vulnerabilities (USN-5705-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5705-1 advisory. Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted...

CVE-2022-33185

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user accoun...

Stack overflow

A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account...

CVE-2022-33184

A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account...

CVE-2022-33185

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user accoun...

CVE-2021-26729

Command injection and multiple stack-based buffer overflows vulnerabilities in the Loginhandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVE-2021-26731

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserbfunc function of spxrestservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware...

Stack overflow

Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNethandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10...

Stack overflow

Command injection and multiple stack-based buffer overflows vulnerabilities in the Loginhandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

Stack overflow

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserbfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVE-2021-26727 spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows

Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNethandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10...

CVE-2021-26731 spx_restservice modifyUserb_func Command Injection and Multiple Stack-Based Buffer Overflows

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserbfunc function of spxrestservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware...

CVE-2021-26729

CVE-2021-26729 affects Lanner Inc IAC-AST2500A standard firmware version 1.10.0. The issue is a vulnerability in the spx_restservice “Login_handler_func” that enables command injection and multiple stack-based buffer overflows , allowing an attacker to execute arbitrary code with the same privile...

CVE-2021-26727 spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows

Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNethandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10...

SUSE: Security Advisory (SUSE-SU-2022:3687-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-26729 spx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overflows

Command injection and multiple stack-based buffer overflows vulnerabilities in the Loginhandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...