Debian dla-3463 : opensc - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3463 advisory. Debian LTS Advisory DLA-3463-1...
The vulnerability of the Autodesk FBX Software Developer Kit allows a perpetrator to execute arbitrary code.
The vulnerability of the Autodesk FBX Software Developer Kit is related to writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2023:2516-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2516-1 advisory. - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package (bsc#1211894). Tenable has...
SUSE SLES15 Security Update : opensc (SUSE-SU-2023:2508-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2508-1 advisory. - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package (bsc#1211894). Tenable has extracted the preceding description block directl...
CVE-2023-34115
Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted...
The vulnerability of the Foxboro.sys driver of the distributed system management software EcoStruxure™ Foxboro DCS Control Core Services allows an attacker to execute arbitrary code.
The vulnerability of the Foxboro.sys driver, a microprogramming software for the distributed control system EcoStruxure™ Foxboro DCS Control Core Services, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by...
Amazon Linux 2023 : opensc (ALAS2023-2023-207)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-207 advisory. A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context...
Medium: opensc
Issue Overview: A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where...
The vulnerabilities of the MP4BytesProperty and MP4StringProperty classes in the library for creating, modifying, and reading MP4 files, mp4v2, allow attackers to cause service interruptions.
The vulnerability of the MP4BytesProperty and MP4StringProperty classes in the library for creating, modifying, and reading MP4 files, mp4v2, is related to the issue where operations are performed outside of the buffer during the processing of variable count values. Exploiting this vulnerability...
EulerOS 2.0 SP5 : tpm2-tss (EulerOS-SA-2023-2178)
According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In...
Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2023-2178)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the sub_48AC20 function in D-Link DIR-882 A1 wireless router’s microprogramming software allows for the execution of arbitrary code.
The vulnerability of the sub_48AC20 function in D-Link DIR-882 A1 wireless router’s microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
EulerOS Virtualization 2.11.1 : tpm2-tss (EulerOS-SA-2023-2062)
According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Sta...
EulerOS Virtualization 2.11.0 : tpm2-tss (EulerOS-SA-2023-2114)
According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Sta...
Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2023-2114)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2023-2062)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.11.1 : systemd (EulerOS-SA-2023-2061)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An off-by-one Error issue was discovered in Systemd in format_timespan function of time-util.c. An attacker could supply specific...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway, Configuration Utility, VPN, Certificate and Base Module affected by multiple vulnerabilities
Summary Vulnerabilities contained within libcurl a 3rd party component and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, VPN and Base Modules. Vulnerabilities contained within Netty a 3rd party component were addressed in the IBM MaaS360 Mobi...
A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags where remaining length is wrongly calculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
The vulnerability of Cisco SD-WAN vEdge router microprogramming software, related to the execution of operations outside the buffer in memory, allows an attacker to cause service failure.
The vulnerability of Cisco SD-WAN vEdge microprogramming software relates to the execution of operations outside the buffer in memory when handling traffic. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...