4213 matches found
AlmaLinux 9 : systemd (ALSA-2023:0336)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0336 advisory. - An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy tha...
systemd: buffer overrun in format_timespan() function
An off-by-one error flaw was found in systemd in the formattimespan function of time-util.c. This flaw allows an attacker to supply specific values for time and accuracy, leading to a buffer overrun in formattimespan, leading to a denial of service...
systemd security update
An update is available for systemd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The systemd packages contain systemd, a system and service manager for Linux,...
RLSA-2023:0336 Moderate: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
Moderate: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
Vulnerability of the PM_io parser function: <PMDEC>::read_face() and store_fc() in the Nef_2/PM_io parser component. This is part of the CGAL computational geometry algorithm library, which allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the PMioparser function in the Nef2/PMio parser component, located in the readface and storefc functions, within the CGAL computational geometry library, is related to reading data beyond the permissible buffer limits. Exploiting this vulnerability allows an attacker to gain...
CVE-2023-22745
A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In affected versions, Tss2RCSetHandler and Tss2RCDecode index into the layerhandler with an 8-bit layer number, but the array only ha...
CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...
AZL-13055 CVE-2023-22745 affecting package tpm2-tss for versions less than 2.4.6-2
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...
DEBIAN-CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...
AZL-69129 CVE-2023-22745 affecting package tpm2-tss for versions less than 4.0.1-1
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...
CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...
UBUNTU-CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...
CVE-2023-22745
CVE-2023-22745 affects tpm2-tss: prior to versions 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2_RC_SetHandler and Tss2_RC_Decode index into layer_handler with an 8-bit layer number while the array has TPM2_ERROR_TSS2_RC_LAYER_COUNT entries, allowing a buffer overrun. This can read/write past the buffer ...
CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...
CVE-2023-22745 Buffer Overlow in TSS2_RC_Decode in tpm2-tss
tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array...
The vulnerability of the Internet Key Exchange Protocol Daemon (iked) in operating systems such as JunOS, routers of the SRX and MX series with SPC3, allows a hacker to cause a service failure.
The vulnerability of the Internet Key Exchange Protocol Daemon iked in JunOS operating systems, where it is used in SRX and MX series routers with SPC3, stems from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to cause servic...
Microsoft Edge browser’s vulnerability, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Edge relates to the issue of operations going beyond the buffer boundaries in memory when processing HTML content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
AlmaLinux 8 : systemd (ALSA-2023:0100)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0100 advisory. - An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy tha...
The vulnerability of the Adobe InCopy text creation and editing software lies in the recording of data beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe InCopy text creation and editing software relates to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious file...