
4213 matches found

Amazon
added 2023/08/22 12:0 a.m. · 44 views

Medium: kernel

Issue Overview: A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-34319 A...

7.8 CVSS · 6.7 AI score · 0.00296 EPSS
Exploits 0

Tenable Nessus
added 2023/08/22 12:0 a.m. · 55 views

Debian DLA-3538-1 : zabbix - LTS security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3538 advisory. - Zabbix before 5.0 represents passwords in the users table with unsalted MD5. CVE-2013-7484 - An issue was discovered in...

9.8 CVSS · 6.6 AI score · 0.5415 EPSS
Exploits 6 · References 21

BDU FSTEC
added 2023/08/21 12:0 a.m. · 8 views

The vulnerability of the lsi53c895a.c component of the hardware emulation software QEMU, which allows a hacker to trigger a service failure.

The vulnerability of the lsi53c895a.c component of the QEMU hardware emulator is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a system failure...

6 CVSS · 6.8 AI score · 0.00269 EPSS
Exploits 0 · References 11 · Affected Software 6

BDU FSTEC
added 2023/08/21 12:0 a.m. · 5 views

The vulnerability of the close() function in the iffoutput component of the OpenImageIO image processing library allows a perpetrator to access confidential data, compromise its integrity, and cause service failure.

The vulnerability of the close function in the iffoutput image processing library in OpenImageIO is related to the output of operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its...

8.1 CVSS · 7.9 AI score · 0.01962 EPSS
Exploits 1 · References 8 · Affected Software 4

BDU FSTEC
added 2023/08/21 12:0 a.m. · 4 views

The vulnerability of the close() function in the iffoutput component of the OpenImageIO image processing library allows a perpetrator to access confidential data, compromise its integrity, and cause service failure.

The vulnerability of the close function in the iffoutput image processing library in OpenImageIO is related to the output of operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its...

8.1 CVSS · 7.9 AI score · 0.01922 EPSS
Exploits 1 · References 8 · Affected Software 4

Amazon
added 2023/08/21 12:0 a.m. · 31 views

Medium: kernel

Issue Overview: A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-34319 A...

7.8 CVSS · 6.8 AI score · 0.00296 EPSS
Exploits 0

Positive Technologies
added 2023/08/17 12:0 a.m. · 4 views

PT-2023-26977 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious fil...

7.8 CVSS · 7.6 AI score · 0.00378 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2023/08/17 12:0 a.m. · 14 views

Fedora 38 : opensc (2023-29530cc60b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-29530cc60b advisory. Fix buffer overrun vulnerability 2211088, fixes CVE-2023-2977 Tenable has extracted the preceding description block directly from the Fedora securit...

7.1 CVSS · 7.1 AI score · 0.00305 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2023/08/17 12:0 a.m. · 51 views

FreeBSD : MySQL -- Multiple vulnerabilities (759a5599-3ce8-11ee-a0d1-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 759a5599-3ce8-11ee-a0d1-84a93843eb75 advisory. - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an...

7.5 CVSS · 5.8 AI score · 0.01594 EPSS
Exploits 1 · References 17

Tenable Nessus
added 2023/08/17 12:0 a.m. · 15 views

Fedora 37 : opensc (2023-2afb831742)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2afb831742 advisory. Fix buffer overrun vulnerability 2211088, fixes CVE-2023-2977 Tenable has extracted the preceding description block directly from the Fedora securit...

7.1 CVSS · 7.1 AI score · 0.00305 EPSS
Exploits 0 · References 2

RedHat Linux
added 2023/08/15 5:37 p.m. · 3 views

apr: integer overflow/wraparound in apr_encode

A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer...

9.8 CVSS · 5.7 AI score · 0.01472 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2023/08/11 12:0 a.m. · 3 views

The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows attackers to circumvent existing security restrictions.

The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions by using a specially crafted HTML page...

10 CVSS · 8.2 AI score · 0.00615 EPSS
Exploits 1 · References 3 · Affected Software 1

Tenable Nessus
added 2023/08/10 12:0 a.m. · 28 views

Fedora 38 : kernel (2023-ddfd3073b3)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ddfd3073b3 advisory. The 6.4.9 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...

7.8 CVSS · 7.1 AI score · 0.0616 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2023/08/10 12:0 a.m. · 37 views

Fedora 37 : kernel (2023-638681260a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-638681260a advisory. The 6.4.9 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...

7.8 CVSS · 7.1 AI score · 0.0616 EPSS
Exploits 1 · References 3

RedhatCVE
added 2023/08/09 7:48 a.m. · 57 views

CVE-2023-34319

A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash...

5.5 CVSS · 6.7 AI score · 0.00296 EPSS
Exploits 0 · References 4

UbuntuCve
added 2023/08/09 12:0 a.m. · 21 views

CVE-2023-34319

The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many piece...

7.8 CVSS · 6.8 AI score · 0.00296 EPSS
Exploits 0 · References 22

BDU FSTEC
added 2023/08/09 12:0 a.m. · 6 views

The vulnerability of the addWifiMacFilter() function in Tenda router software allows a hacker to execute arbitrary code or cause service failure.

The vulnerability of the addWifiMacFilter function in Tenda router software lies in the fact that the operation’s output goes beyond the buffer in memory when processing the deviceId parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service...

10 CVSS · 8.5 AI score · 0.00701 EPSS
Exploits 1 · References 3 · Affected Software 8

BDU FSTEC
added 2023/08/09 12:0 a.m. · 6 views

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially crafted DFT files...

7.8 CVSS · 8 AI score · 0.00219 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2023/08/09 12:0 a.m. · 7 views

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially crafted DFT files...

7.8 CVSS · 8 AI score · 0.00207 EPSS
Exploits 0 · References 2

OSV
added 2023/08/09 12:0 a.m. · 1 views

UBUNTU-CVE-2023-34319

The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many piece...

7.8 CVSS · 7 AI score · 0.00296 EPSS
Exploits 0 · References 23