Oracle Linux 8 : opensc (ELSA-2023-7160)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-7160 advisory. - Fix CVE-2023-2977: potential buffer overrun in pkcs15 cardos_have_verifyrc_package 2211093 Tenable has extracted the preceding description block directly from th...
The vulnerability of the Microsoft DWM Core Library on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Microsoft DWM Core Library on Windows operating systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...
ruby:2.5 security update
rubygem-abrt 0.3.0-4 - Execute test suite unconditionally. - Upload correct sources. 0.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 0.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora27MassRebuild 0.3.0-1 - Update to abrt 0.3.0. 0.2.0-2 - Rebuilt for...
opensc security and bug fix update
0.20.0-6 - Fix introduced issues tagged by coverity RHEL-765 0.20.0-5 - Avoid potential crash because of missing list terminator 2196234 - Fix CVE-2023-2977: potential buffer overrun in pkcs15 cardos_have_verifyrc_package 2211093 - Backport upstream changes regarding to reader removal 2097048...
Oracle Linux 9 : tpm2-tss (ELSA-2023-6685)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6685 advisory. 3.2.2-2 - Remove misapplied license Resolves: rhbz2160307 3.2.2-1 - Rebase to 3.2.2 - Use systemd-sysusers to create user Resolves: CVE-2023-22745 Resolves:...
The vulnerability of the ReGIS Reporting function for creating vector graphics in the XTerm terminal emulator allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the ReGIS Reporting function for vector graphics in the XTerm terminal emulator is related to the escape operation going beyond the buffer boundaries when processing string names. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality,...
Oracle Linux 9 : opensc (ELSA-2023-6587)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6587 advisory. - Fix CVE-2023-2977: buffer overrun in pkcs15init for cardos Tenable has extracted the preceding description block directly from the Oracle Linux security...
The vulnerability of the monitoring software for PLK TELLUS and TELLUS Lite lies in the fact that operations are executed outside the buffer in memory, allowing a hacker to execute arbitrary code.
The vulnerability of the monitoring software for TELLUS and TELLUS Lite systems lies in the fact that the execution of operations goes beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...
Low: Red Hat Security Advisory: opensc security and bug fix update
An update for opensc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package
A vulnerability was found in OpenSC. This issue causes a buffer overrun in the pkcs15 cardos_have_verifyrc_package. This flaw allows an attacker to supply a smart card package with a malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for two tags, where the remainin...
ruby: Buffer overrun in String-to-Float conversion
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...
Moderate: Red Hat Security Advisory: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
The vulnerability in the elfcomm.c component of the GNU Binutils development environment allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the elfcomm.c component of the GNU Binutils development environment is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and caus...
The vulnerability of the `aout_get_external_symbols` function in the `aoutx.h` component of the GNU Binutils development environment allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the aout_get_external_symbols function in the aoutx.h component of the GNU Binutils development environment is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise...
The vulnerability of the elf32-i386.c and elf64-x86-64.c components of the GNU Binutils development environment allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the elf32-i386.c and elf64-x86-64.c components of the GNU Binutils development environment is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its...
The vulnerability of the dwarf2.c component in the GNU Binutils development environment allows a hacker to trigger a service failure.
The vulnerability of the dwarf2.c component in the GNU Binutils development environment is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause a service failure...
ALSA-2023:7160 Low: opensc security and bug fix update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: opensc: buffer overrun vulnerability in pkcs15...
ALSA-2023:7025 Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...
CentOS 8 : tpm2-tss (CESA-2023:7166)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:7166 advisory. - tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In affected versions...
RHEL 8 : opensc (RHSA-2023:7160)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7160 advisory. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operation...