Medium: opensc
Issue Overview: OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. (CVE-2019-15945) OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. (CVE-2019-15946) An issue was...
Debian: Security Advisory (DSA-5502-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6381-1: GNU binutils vulnerabilities
It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490) It was discovered that GNU binutils was not properly performing bounds checks in several functions...
Oracle Linux 6 : qemu-kvm (ELSA-2011-0534)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0534 advisory. - Resolves: bz698910 CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests rhel-6.1 - Resolves: bz699789 CVE-2011-1751 acpipiix4:...
Oracle Linux 7 : opensc (ELSA-2019-2154)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2154 advisory. 0.19.0-3 - Make OpenSC multilib also on s390 and ppc arches 0.19.0-2 - Make OpenSC multilib again by moving the conflicting files on ix86 arch 0.19.0-1...
Oracle Linux 8 : kernel (ELSA-2020-3010)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3010 advisory. - vfio vfio/pci: Fix SR-IOV VF handling with MMIO blocking Alex Williamson 1837309 1837310 CVE-2020-12888 - x86 kvm: Clean up host's steal time structu...
Oracle Linux 7 : php55-php (ELSA-2015-1186)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1186 advisory. - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character...
Oracle Linux 5 : ELSA-2012-1323-1: / kernel (ELSA-2012-13231)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-13231 advisory. - The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users...
[SECURITY] [DLA 3556-1] aom security update
Debian LTS Advisory DLA-3556-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 06, 2023 https://wiki.debian.org/LTS Package : aom Version : 1.0.0-3+deb10u1 CVE ID : CVE-2020-36130 CVE-2020-36131 CVE-2020-36133 CVE-2020-36135 CVE-2021-30473 CVE-2021-30474...
[SECURITY] [DSA 5490-1] aom security update
Debian Security Advisory DSA-5490-1 [email protected] https://www.debian.org/security/ Markus Koschany September 06, 2023 https://www.debian.org/security/faq -...
RHEL 8 : kernel (RHSA-2023:4789)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4789 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2cap_connect...
Silicon Labs Gecko Bootloader Security Vulnerability
Silicon Labs Gecko Bootloader is a bootloader from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Gecko Bootloader that stems from not checking input size, resulting in buffer overflows, out-of-bounds writes, and more...
CVE-2023-39666
D-Link DIR-842 fwrevA1-02eumulti20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack120 and acStack220 parameters...
Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations
Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that's used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche...
Debian: Security Advisory (DLA-3518-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-36499
Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wlassid and wlgssid parameters at genieapwifichange.cgi...
CVE-2023-38922
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the httppasswd and httpusername parameters in the updateauth function...
CVE-2023-38412
Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wlassid and wlgssid parameters at iaapsetting.cgi...
CVE-2023-38591
Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wlassid and wlatempssid parameters at bswssid.cgi...
Buffer overflow
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the httppasswd and httpusername parameters in the updateauth function...