Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2406)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2381)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2406)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2381)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

In Gluster GlusterFS 11.0 there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.

...

Dell Precision Rack BIOS 安全漏洞

Dell Precision Rack BIOS is a BIOS utility for high-performance workstation products from Dell USA. An information disclosure vulnerability exists in the Dell Precision Rack BIOS that originates from accessing a memory location after the end of a buffer. A low-privileged attacker with local acces...

RUSTSEC-2024-0443 webp crate may expose memory contents when encoding an image

Affected versions of this crate did not check that the input slice passed to "webp::Encoder::encode is large enough for the specified image dimensions. If the input slice is too short, the library will read out of bounds of the buffer and encode other memory contents as an image, resulting in...

openSUSE Security Advisory (SUSE-SU-2024:3119-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:3119-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : openssl-1_0_0 (SUSE-SU-2024:3119-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3119-1 advisory. - CVE-2024-5535: Fixed a buffer overread in function SSLselectnextproto with an empty supported client protocols buffer...

SUSE-SU-2024:3119-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSLselectnextproto with an empty supported client protocols buffer bsc1227138, bsc1227227...

FreeBSD : OpenSSL -- Multiple vulnerabilities (21f505f4-6a1c-11ef-b611-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 21f505f4-6a1c-11ef-b611-84a93843eb75 advisory. The OpenSSL project reports: Possible denial of service in X.509 name checks Moderate severity...

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Possible denial of service in X.509 name checks Moderate severity Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process...

SUSE CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

K000140882: OpenSSL vulnerability CVE-2024-5535

Security Advisory Description Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as...

kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the...

openSUSE Security Advisory (SUSE-SU-2024:3019-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:3019-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3019-1 advisory. - CVE-2024-5535: Fixed a buffer overread in function SSLselectnextproto with an empty supported client...

CentOS 9 : openssl-3.2.2-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssl-3.2.2-4.el9 build changelog. - SSLselectnextproto buffer overread CVE-2024-5535 Note that Nessus has not tested for this issue but has instead relied only on the application's...

AZL-48342 CVE-2024-5991 affecting package mariadb for versions less than 10.6.9-4

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...