libX11 -- Sub-object overflows

The X.Org project reports: Buffer overflows in InitExt.c in libX11 prior to 1.8.6 CVE-2023-3138 The functions in src/InitExt.c in libX11 prior to 1.8.6 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, usi...

CVE-2023-34095

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf3. cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

CVE-2023-34095 cpdb-libs vulnerable to buffer overflows via scanf

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf3. cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

CVE-2023-34095 cpdb-libs vulnerable to buffer overflows via scanf

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf3. cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

CVE-2023-34095

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf3. cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

EulerOS Virtualization 3.0.6.0 : libtiff (EulerOS-SA-2023-2241)

According to the versions of the libtiff packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For use...

[SECURITY] [DLA 3453-1] vim security update

Debian LTS Advisory DLA-3453-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 12, 2023 https://wiki.debian.org/LTS Package : vim Version : 2:8.1.0875-5+deb10u5 CVE ID : CVE-2022-4141 CVE-2023-0054 CVE-2023-1175 CVE-2023-2610 Debian Bug : 1027146 1031875...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-2126)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-2804

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...

CVE-2023-2804

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...

CVE-2023-23302

The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the executi...

CVE-2023-23302

Summary of CVE-2023-23302 (Ciq API): The vulnerability affects CIQ API versions 1.2.0 through 4.1.7, specifically the Toybox.GenericChannel.setDeviceConfig method. The issue is that the API does not validate its parameter, which can cause buffer overflows when copying various attributes. This can...

CVE-2023-23305

The CVE-2023-23305 entry concerns the GarminOS TVM component in CIQ API versions 1.0.0 through 4.1.7, which is reported to be vulnerable to various buffer overflows when loading binary resources. This could allow a malicious application embedding crafted resources to hijack firmware execution. Se...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-1936)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : libtiff (EulerOS-SA-2023-1936)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A stack overflow was discovered in the TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a...

Oracle Linux 9 : libtiff (ELSA-2023-2340)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2340 advisory. - Fix CVE-2022-3970 - Resolves: CVE-2022-3970 - Fix CVE-2022-3597 CVE-2022-3626 CVE-2022-3599 CVE-2022-3570 CVE-2022-3598 CVE-2022-3627 Tenable has...

Oracle Linux 9 : 8.1 (ELSA-2023-2417)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2417 advisory. php-pecl-apcu 5.1.21-1 - update to 5.1.21 for PHP 8.1 2070040 php-pecl-rrd 2.0.3-4 - build for PHP 8.1 2070040 php-pecl-xdebug3 3.1.4-1 - update to 3.1...

SUSE CVE-2002-0656

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via 1 a large client master key in SSL2 or 2 a large session ID in SSL3...

RHEL 9 : libtiff (RHSA-2023:2340)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2340 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: heap Buff...

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: heap Buffer overflows in tiffcrop.c CVE-2022-3570 libtiff: out-of-bounds write in TIFFmemcpy in libtiff/tifunix CVE-2022-3597 libtiff: out-of-bounds write in...