4213 matches found
SUSE CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array...
Microsoft Edge browser’s vulnerability, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Edge relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
K000132537: OpenSSL vulnerabilities CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401
Security Advisory Description: CVE-2022-4203: A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or...
CVE-2023-24993
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
CVE-2023-24989
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
CVE-2023-24996
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
Tecnomatix Plant Simulation Buffer Error Vulnerability
Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, integrated modeling and simulation tool. An out-of-bounds write vulnerability exists in Siemens Tecnomatix Plant Simulation due to an affected application containing an out-of-bounds write beyond the end of the allocated buffer...
PT-2023-1975 · Datakit +1 · Crosscadware X64.Dll +1
Name of the Vulnerable Software and Affected Versions: Datakit CrossCadWare x64.dll (affected versions not specified). Description: The issue is related to an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execut...
PT-2023-3244 · Siemens · Tecnomatix Plant Simulation
Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation (versions prior to V2201.0006). Description: A vulnerability has been identified in the affected application, which contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted...
The vulnerability of the apr_socket_sendv() function in the Apache Portable Runtime (APR) library on Windows operating systems allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the apr_socket_sendv function in the Apache Portable Runtime (APR) library on Windows operating systems is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and...
OESA-2023-1079 tpm2-tss security update
tpm2-tss is a software stack supporting Trusted Platform Module (TPM) 2.0 system APIs which provides TPM 2.0 specified APIs for applications to access the TPM module through kernel TPM drivers. Security Fixes: tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted...
EulerOS 2.0 SP10 : systemd (EulerOS-SA-2023-1402)
According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An off-by-one error issue was discovered in systemd in the format_timespan function of time-util.c. An attacker could supply specific values for tim...
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-1374)
The remote host is missing an update for the Huawei EulerOS...
GHSA-CF4G-FCF8-3CR9 `pnet_packet` buffer overrun in `set_payload` setters
As indicated by this issue, a buffer overrun is possible in the `set_payload` setter of the various mutable "Packet" struct setters. The offending `set_payload` functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro. Fixed in the packet...
`pnet_packet` buffer overrun in `set_payload` setters
As indicated by this issue, a buffer overrun is possible in the `set_payload` setter of the various mutable "Packet" struct setters. The offending `set_payload` functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro. Fixed in the packet...
Fedora 37 : tpm2-tss (2023-25617e952a)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-25617e952a advisory. Fixed: A buffer overflow in tss2-rc as CVE-2023-22745. The drv layer in tss2-rc should have been the policy layer. Spec deviation in Fapi_GetDescription cause...
openssl-src contains Read Buffer Overflow in X.509 Name Constraint
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
The vulnerability of the Adobe Digital Editions e-book reading program, related to the execution of operations beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Digital Editions e-book reading program relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created malware file...
EulerOS 2.0 SP8 : NetworkManager (EulerOS-SA-2023-1329)
According to the versions of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An off-by-one error issue was discovered in systemd in the format_timespan function of time-util.c. An attacker could supply specific values...
SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:0312-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0312-1 advisory. Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for...