4213 matches found

Tenable Nessus
added 2022/12/19 12:0 a.m. · 30 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : rsyslog Vulnerability (NS-SA-2022-0103)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is use...

CVSS 8.1 · AI score 7.5 · EPSS 0.03553
Exploits 0 · References 3

Tenable Nessus
added 2022/12/15 12:0 a.m. · 72 views

OpenSSL 3.0.0 < 3.0.8 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability. If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some...

CVSS 7.5 · AI score 7.7 · EPSS 0.59501
Exploits 0 · References 19

BDU FSTEC
added 2022/12/14 12:0 a.m. · 6 views

The vulnerability of Omron CX-Programmer software for programming logic controllers lies in the possibility of an operation exceeding the buffer boundaries in memory. This allows a malicious actor to gain unauthorized access to protected information or execute arbitrary code.

The vulnerability of Omron CX-Programmer software for programming logic controllers is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information or execute arbitrary code using a...

CVSS 7.8 · AI score 8 · EPSS 0.00242
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2022/12/14 12:0 a.m. · 5 views

The vulnerability of Omron CX-Programmer software for programming logic controllers lies in the possibility of an operation exceeding the buffer boundaries in memory. This allows a malicious actor to gain unauthorized access to protected information or execute arbitrary code.

The vulnerability of Omron CX-Programmer software for programming logic controllers is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information or execute arbitrary code using a...

CVSS 7.8 · AI score 8 · EPSS 0.00268
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2022/12/12 12:0 a.m. · 5 views

The vulnerability of the network socket of the VMware ESXi hypervisor allows an attacker to execute arbitrary code with elevated privileges.

The vulnerability of the VMware ESXi hypervisor’s network socket is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...

CVSS 7.5 · AI score 8.2 · EPSS 0.0034
Exploits 0 · References 3

Tenable Nessus
added 2022/12/07 12:0 a.m. · 33 views

Amazon Linux 2 : systemd (ALAS-2022-1899)

The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1899 advisory. An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific...

CVSS 5.5 · AI score 7.4 · EPSS 0.00422
Exploits 1 · References 3

OSV
added 2022/12/05 10:15 p.m. · 2 views

ALPINE-CVE-2022-35260

curl can be told to parse a .netrc file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause ...

CVSS 6.5 · AI score 6.8 · EPSS 0.01761
Exploits 1 · References 1

Positive Technologies
added 2022/12/01 12:0 a.m. · 1 views

PT-2022-26343 · Nvidia +1 · Nvidia Vgpu +1

Name of the Vulnerable Software and Affected Versions: NVIDIA vGPU software (affected versions not specified). Description: The issue is related to a vulnerability in the Virtual GPU Manager vGPU plugin of the NVIDIA vGPU software, where an input index is not validated. This may lead to a buffer...

CVSS 7.8 · AI score 7.3 · EPSS 0.00258
Exploits 0 · References 13

Positive Technologies
added 2022/12/01 12:0 a.m. · 1 views

PT-2022-26344 · Nvidia +1 · Nvidia Vgpu +1

Name of the Vulnerable Software and Affected Versions: NVIDIA vGPU software (affected versions not specified). Description: The issue is related to an input index not being validated in the Virtual GPU Manager vGPU plugin, which may lead to buffer overrun. This could result in data tampering,...

CVSS 7.8 · AI score 7.3 · EPSS 0.0022
Exploits 0 · References 12

Tenable Nessus
added 2022/11/30 12:0 a.m. · 16 views

SUSE SLES12 Security Update : systemd (SUSE-SU-2022:4279-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4279-1 advisory. - An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values fo...

CVSS 5.5 · AI score 7.4 · EPSS 0.00422
Exploits 1 · References 6

OSV
added 2022/11/29 2:44 p.m. · 5 views

SUSE-SU-2022:4279-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in formattimespan function bsc1204968. - Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234 20743c1a44 logind: fix crash in logind on user-specified message string b971b5f085 tmpfiles: check the director...

CVSS 5.5 · AI score 5.9 · EPSS 0.00422
Exploits 1 · References 5

BDU FSTEC
added 2022/11/25 12:0 a.m. · 10 views

The vulnerability of the disk redirect channel in the implementation of the FreeRDP remote desktop protocol allows an intruder to gain unauthorized access to protected information or cause a service failure.

The vulnerability of the disk redirecting channel in the implementation of the FreeRDP remote desktop protocol is related to the issue where the operation goes beyond the buffer boundaries when checking the input length for parameters /drive, +drives, or +home-drive. Exploiting this vulnerability...

CVSS 9.4 · AI score 6.1 · EPSS 0.00953
Exploits 0 · References 12 · Affected Software 5

BDU FSTEC
added 2022/11/23 12:0 a.m. · 7 views

The vulnerability of the file system driver of Windows operating systems allows a hacker to execute arbitrary code with system privileges.

The vulnerability of the file system driver of Windows operating systems is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code with system privileges...

CVSS 7.8 · AI score 8.1 · EPSS 0.23818
Exploits 0 · References 2

BDU FSTEC
added 2022/11/22 12:0 a.m. · 4 views

The vulnerability in the open-source development environment for UEFI EDK2, related to writing beyond the buffer boundaries, allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability in the open-source development environment for UEFI EDK2 relates to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 6.8 · AI score 6.4 · EPSS 0.00386
Exploits 1 · References 8 · Affected Software 3

Tenable Nessus
added 2022/11/19 12:0 a.m. · 31 views

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2022:4056-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4056-1 advisory. - An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supp...

CVSS 5.5 · AI score 7.4 · EPSS 0.00422
Exploits 1 · References 5

OSV
added 2022/11/18 11:4 a.m. · 3 views

OESA-2022-2099 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun ...

CVSS 5.5 · AI score 7 · EPSS 0.00422
Exploits 1 · References 2

Tenable Nessus
added 2022/11/18 12:0 a.m. · 72 views

Oracle Linux 9 : openssl (ELSA-2022-10004)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10004 advisory. - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 Tenable has extracted the preceding description block...

CVSS 7.5 · AI score 7.7 · EPSS 0.91153
Exploits 6 · References 3

OpenVAS
added 2022/11/18 12:0 a.m. · 14 views

SUSE: Security Advisory (SUSE-SU-2022:4056-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 6.1 · EPSS 0.00422
Exploits 1 · References 2

OpenVAS
added 2022/11/18 12:0 a.m. · 15 views

Mageia: Security Advisory (MGASA-2022-0429)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 6.3 · EPSS 0.00422
Exploits 1 · References 5

Mageia
added 2022/11/17 8:45 p.m. · 37 views

Updated systemd packages fix security vulnerability

buffer overrun in formattimespan function bsc1204968 CVE-2022-3821 Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 0469b9f2bc pstore: do not try to load all known pstore modules ad05f54439 pstore: Run after modules are loaded ccad817445 core: Add trigger limit for path units 281d818fe3...

CVSS 5.5 · AI score 0.7 · EPSS 0.00422
Exploits 1 · References 3