132 matches found
PT-2025-6477
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.3 PostgreSQL versions prior to 16.7 PostgreSQL versions prior to 15.11 PostgreSQL versions prior to 14.16 PostgreSQL versions prior to 13.19 Description The issue is related to improper neutralization of quoting...
RHEL 9 : kpatch-patch-5_14_0-284_52_1 and kpatch-patch-5_14_0-284_79_1 (RHSA-2024:6313)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6313 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch...
openSUSE Security Advisory (SUSE-SU-2024:1865-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:2265-1 Security update for wireshark
This update for wireshark fixes the following issues: Update to version 3.6.22: - CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops bsc1224274 - CVE-2024-4853: The editcap command line utility could crash when chopping bytes from the beginning of a packet bsc1224259 - CVE-2024-4855: Th...
SUSE-SU-2024:1865-1 Security update for wireshark
This update for wireshark fixes the following issues: Update to version 3.6.22: - CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops bsc1224274 - CVE-2024-4853: The editcap command line utility could crash when chopping bytes from the beginning of a packet bsc1224259 - CVE-2024-4855: Th...
Arbitrary Command Execution
less is vulnerable to Arbitrary Command Execution.The vulnerability is due to the omission of shellquote calls for LESSCLOSE in the closealtfile function within the filename.c file of the less command-line utility, allows attackers to execute arbitrary commands...
OS Command Execution
less is vulnerable to OS command execution. The vulnerability is due to mishandling of quoting in the filename.c file within the less command-line utility, allowing attackers to execute arbitrary commands via a newline character in the name of a file...
[SECURITY] Fedora 39 Update: jose-13-1.fc39
Jos=EF=BF=BD=EF=BF=BD is a command line utility for performing various tasks on JSON Object Signing and Encryption JOSE objects. Jos=EF=BF=BD=EF=BF=BD provides a full crypto stack including key generation, signing and encryption...
CVE-2024-25112
A flaw was found in the Exiv2 command-line utility. The denial of service is triggered when Exiv2 is used to read the metadata of a crafted video file. An unbounded recursion can cause Exiv2 to crash by exhausting the stack...
CVE-2024-25112
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...
Rocky Linux 8 : compat-exiv2-026 (RLSA-2021:4319)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4319 advisory. - An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service DOS...
Rocky Linux 8 : exiv2 (RLSA-2021:4173)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4173 advisory. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was...
CVE-2022-41409
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input...
QRExfiltrate - Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems
This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing exfiltration of data in air gapped systems. It was designed as a proof of concept to demonstrate weaknesses in DLP software; that is, the assumption...
NewStart CGSL MAIN 6.02 : exiv2 Multiple Vulnerabilities (NS-SA-2022-0090)
The remote NewStart CGSL host, running version MAIN 6.02, has exiv2 packages installed that are affected by multiple vulnerabilities: - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in...
Ubuntu 16.04 ESM : Zstandard vulnerabilities (USN-5720-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5720-1 advisory. It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue ...
The vulnerability of the QPDF::processXRefStream function in the command-line utility for converting QPDF documents allows a attacker to cause a service failure.
The vulnerability of the QPDF::processXRefStream command-line utility for converting PDF documents is related to the lack of resource release after the expiration of its useful period. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Fedora: Security Advisory for golang-gopkg-neurosnap-sentences-1 (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-gopkg-neurosnap-sentences-1-1.0.6-15.fc36
This command line utility will convert a blob of text into a list of sentence s...
[SECURITY] Fedora 35 Update: weldr-client-35.5-2.fc35
Command line utility to control osbuild-composer...