Fedora: Security Advisory (FEDORA-2024-430678b035)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-a84c59eedc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2024-2092 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

OESA-2024-2095 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

Fedora 40 : lua-mpack (2024-430678b035)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-430678b035 advisory. Fix buffer overrun when giving an offset to Session:receive Tenable has extracted the preceding description block directly from the Fedora security advisory...

ROS-20240906-02

Vulnerability of the kmemcachedestroy function of the lib/listdebug.c library of the Linux kernel is related to a buffer overrun. is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

The vulnerability of the tsc2046 component in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the tsc2046 component in the Linux operating system is related to writing beyond the allowed write limits. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the NTLMSSP discriver, an analyzer of computer network traffic by Wireshark, allows a hacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the NTLMSSP discriminator and the Wireshark traffic analyzer involves an issue where an operation is executed outside the buffer in memory, as a result of a pointer being reassigned when its validity period has expired. Exploiting this vulnerability allows a remote attacker t...

CBL Mariner 2.0 Security Update: openssl (CVE-2021-3712)

The version of openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3712 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer...

kernel: crypto: bcm - Fix pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen instead of hashivlen which could lead to going beyond the buffer boundaries. Fix this bug by changing ciphkeylen to hashivlen. Found by...

The vulnerability of the Windows RRAS operating system’s routing and remote access services allows attackers to disclose sensitive information.

The vulnerability of the Windows RRAS operating system’s routing and remote access service is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

CVE-2024-6812

IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...

The vulnerability of the NTFS file system in Windows operating systems allows attackers to increase their privileges.

The vulnerability of the NTFS file system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.

The vulnerability of the Windows Hyper-V hardware virtualization system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of the Security Center Broker component of the Windows operating system, which allows a perpetrator to disclose protected information

The vulnerability of the Security Center Broker component of the Windows operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...

firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

...

CVE-2021-46746

CVE-2021-46746 : The AMD ASP/TEE stack protection gap allows a privileged attacker with access to AMD signing keys to corrupt the return address via a stack-based buffer overrun, potentially causing a denial of service. This aligns with AMD’s CVE entry (base score 5.2, local access, high attack c...

CVE-2021-46746

Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment TEE may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service...

CVE-2021-46746

Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment TEE may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service...

ROS-20240812-16

Vulnerability of the dovccioctl function in the net/atm/ioctl.c module of the ATM Asynchronous Transfer Mode network protocol implementation of the Linux kernel is related to the reuse of a previously exploited ATM protocol. Asynchronous Transfer Mode kernel of the Linux operating system is relat...