CLSA-2024-1718898745 vorbis-tools: Fix of CVE-2023-43361

CVE-2023-43361: fix out-of-buffer operations...

.NET 7.0 security update

An update is available for dotnet7.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

RLSA-2024:2842 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5...

RLSA-2024:2843 Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19...

.NET 7.0 security update

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

RLSA-2024:3340 Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19...

.NET 8.0 security update

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

RLSA-2024:3345 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5...

Rocky Linux 8 : .NET 8.0 (RLSA-2024:3345)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3345 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

Rocky Linux 9 : .NET 8.0 (RLSA-2024:2842)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2842 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

Rocky Linux 8 : .NET 7.0 (RLSA-2024:3340)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3340 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

Rocky Linux 9 : .NET 7.0 (RLSA-2024:2843)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2843 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

CVE-2024-0099

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service...

CVE-2024-0099 CVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service...

CVE-2024-0099 CVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service...

CVE-2024-0099

CVE-2024-0099 concerns NVIDIA vGPU software for Linux (Virtual GPU Manager). The guest OS could trigger a host buffer overrun, with documented potential impacts including information disclosure, data tampering, escalation of privileges, and denial of service. Connected sources corroborate a vulne...

ruby security update

3.0.7-162 - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 -...

NVIDIA Virtual GPU Manager Multiple Vulnerabilities (June 2024)

The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: - NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...

ROS-20240611-12

Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of recursion during processing of received packets. as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...

The vulnerability of the Ivanti Secure Access Client (formerly Pulse Secure Desktop Client) for corporate networks’ VPN servers in Windows operating systems stems from an operation that goes beyond the buffer in memory, allowing a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the Ivanti Secure Access Client formerly Pulse Secure Desktop Client for corporate networks’ VPN servers on Windows operating systems is related to the execution of commands outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execut...