Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739); ruby...
The vulnerability of the ProcXIPassiveUngrabDevice function in the Wayland protocol for X.Org XWayland, which is part of the X.Org Server for the X Window System, allows an intruder to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ProcXIPassiveUngrabDevice function in the Wayland protocol for X.Org XWayland, implemented by the X.Org Server, is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity...
The vulnerability of the XTestSwapFakeInput function in the X Window System X.Org Server, and the Wayland protocol for X.Org XWayland, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the XTestSwapFakeInput function in the X Window System X.Org Server, and the Wayland protocol for X.Org XWayland, is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity,...
CentOS 8 : opensc (CESA-2023:7160)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:7160 advisory. - A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a sma...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to operations going beyond the buffer boundaries in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit is related to operations going beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the OpenImageIO image processing library, related to operations going beyond the buffer boundaries in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the OpenImageIO image processing library is related to operations going beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service failures through the use...
PostgreSQL 11.x < 11.22, 12.x < 12.17, 13.x < 13.13, 14.x < 14.10, 15.x < 15.5, 16.x < 16.1 Multiple Vulnerabilities - Windows
PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:postgresql:postgresql";...
The vulnerability of the Drawing SDK, a software development tool for engineering applications, relates to writing beyond the buffer boundaries in memory. This allows an attacker to execute arbitrary code.
The vulnerability of the Drawing SDK, a software development tool for engineering applications, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using specially crafted DXF files...
FreeBSD : postgresql-server -- Buffer overrun from integer overflow in array modification (0f445859-7f0e-11ee-94b4-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 0f445859-7f0e-11ee-94b4-6cc21735f730 advisory. - Buffer overrun from integer overflow in array modification; more details: CVE-2023-5869. Note that Nessus...
postgresql-server -- Buffer overrun from integer overflow in array modification
PostgreSQL Project reports: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server...
The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller) and Citrix Gateway virtual environment access control systems (formerly known as Citrix NetScaler Gateway) relates to an operation that goes beyond the buffer in memory, allowing a malicious actor to cause service failures.
The vulnerability of the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller) and the Citrix Gateway access control system (formerly Citrix NetScaler Gateway) relates to an operation that goes beyond the buffer in memory. Exploiting this vulnerability...
Low: Red Hat Security Advisory: opensc security update
An update for opensc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package
A vulnerability was found in OpenSC. This issue causes a buffer overrun in the pkcs15 cardos_have_verifyrc_package. This flaw allows an attacker to supply a smart card package with a malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for two tags, where the remainin...
RHEL 9 : opensc (RHSA-2023:6587)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6587 advisory. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operation...
RHEL 9 : tpm2-tss (RHSA-2023:6685)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6685 advisory. The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module (TPM) 2.0 System API library. This library enables programs to...
Fedora 39 : netconsd (2023-9adf4a31cc)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9adf4a31cc advisory. Update to prevent invalid fragment values from leading to a buffer overrun. Tenable has extracted the preceding description block directly from the Fedora...
Low: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: opensc: buffer overrun vulnerability in pkcs15...
ALSA-2023:6587 Low: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: opensc: buffer overrun vulnerability in pkcs15...
Rocky Linux 9 : openssl (RLSA-2022:7288)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7288 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate...
The vulnerability of the TranslationVectors function in the software for converting chemical substance formats in Open Babel allows a hacker to execute arbitrary code.
The vulnerability of the TranslationVectors function in the software for converting chemical substance formats in Open Babel is related to writing outside the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code using a specially crafted file...