ALSA-2024:3500 Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: ReDoS vulnerability in URI (CVE-2023-28755); ruby: ReDoS...
Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: ReDoS vulnerability in URI (CVE-2023-28755); ruby: ReDoS...
RHEL 8 : ruby:3.0 (RHSA-2024:3500)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3500 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
The vulnerability of the NVIDIA GPU Display Driver for Windows software allows a hacker to execute arbitrary code, disclose sensitive information, cause system failures, or gain increased privileges.
The vulnerability of the NVIDIA GPU Display Driver for Windows software lies in reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code, disclose sensitive information, cause system failures, or gain elevated privileges...
The vulnerability of the rds_recv_track_latency() function in the net/rds/af_rds.c module of the Linux operating system’s RDS (Reliable Datagram Sockets) kernel implementation allows an attacker to compromise the confidentiality and availability of protected information.
The vulnerability of the rds_recv_track_latency() function in the net/rds/af_rds.c module of the Linux operating system’s RDS (Reliable Datagram Sockets) implementation is related to reading memory beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the ksmbd_nl_policy() function in the implementation of the SMB (Server Message Block) protocol within the in-kernel CIFS/SMB3 server ksmbd of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the ksmbd_nl_policy() function in the fs/smb/server/transport_ipc.c module, which is part of the Server Message Block network protocol implementation in the ksmbd kernel server of the Linux operating system, relates to reading memory beyond the allocated buffer. Exploiting this...
The vulnerability of the fromRouteStatic function in the Tenda W30E router software allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the fromRouteStatic function in the Tenda W30E router software relates to the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected informati...
The vulnerability of the frmL7PlotForm function in the firmware for Tenda W30E allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the fromDhcpListClient function in the Tenda W30E router software relates to the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected informatio...
OESA-2024-1641 libxml2 security update
This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. It supports DTDs, including parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to reading data beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created PAR file...
The vulnerability of Omron CX-Programmer software, which involves reading beyond the buffer in memory, allows a malicious actor to cause an unexpected termination of the application or expose protected information.
The vulnerability of Omron CX-Programmer software for programming logic controllers is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause the application to terminate abnormally or expose sensitive information through a specially...
Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ALSA-2024:3343 Important: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080); xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081); xorg-x11-server: Use-after-free in...
RHEL 8 : tigervnc (RHSA-2024:3261)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3261 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine...
RHEL 8 : xorg-x11-server (RHSA-2024:3258)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3258 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical use...
Important: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c
An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisat_usb2_state state->buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure...
The vulnerability of the Adobe Framemaker desktop publishing system, related to reading data beyond the buffer in memory, allows attackers to disclose protected information.
The vulnerability of the Adobe Framemaker desktop publishing system relates to reading data beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to disclose protected information...
The vulnerability of the Adobe Framemaker desktop publishing system, related to reading data beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the desktop publishing system Adobe Framemaker relates to reading data beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Adobe Framemaker desktop publishing system, related to reading data beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the desktop publishing system Adobe Framemaker relates to reading beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...