SUSE: Security Advisory (SUSE-SU-2018:2081-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:0189-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:1617-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:0260-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for tpm2-tss-engine (openSUSE-SU-2021:0542-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : pcp (SUSE-SU-2021:0565-1)

This update for pcp fixes the following issues : Drop unnecessary %pre/%post recursive chown calls bsc1152533 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as mu...

Scientific Linux Security Update : microcode_ctl on SL7.x x86_64 (2020:5083)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5083-1 advisory. - hw: Information disclosure issue in Intel SGX via RAPL interface CVE-2020-8695 - hw: Vector Register Leakage-Active CVE-2020-8696 - hw: Fast...

openSUSE Security Update : u-boot (openSUSE-2020-1869)

This update for u-boot fixes the following issues : - CVE-2020-8432: Fixed a double free in the cmd/gpt.c dorenamegptparts function, which allowed an attacker to execute arbitrary code bsc1162198 - CVE-2020-10648: Fixed improper signature verification during verified boot bsc1167209. This update...

Amazon Linux 2 : spice (ALAS-2020-1547)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1547 advisory. Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client spice-gtk and server are affected by these flaws. These fla...

openSUSE: Security Advisory for php7 (openSUSE-SU-2020:1356-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-8023

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...

openSUSE Security Update : python (openSUSE-2020-1257)

This update for python fixes the following issues : - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs bsc1174091. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in...

CVE-2020-8019 syslog-ng: Local privilege escalation from new to root in %post

A UNIX Symbolic Link Symlink Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...

Scientific Linux Security Update : libqb on SL7.x x86_64 (20200407)

libqb: Insecure treatment of IPC temporary files C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid135816; scriptversion"1.3"; scriptsetattributeattribute:"pluginmodificationdate", value:"2024/03/15";...

Scientific Linux Security Update : telnet on SL7.x x86_64 (20200407)

telnet-server: no bounds checks in nextitem function allows to remotely execute arbitrary code C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid135839; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...

Scientific Linux Security Update : krb5-appl on SL6.x i386/x86_64 (20200407)

Security Fixes : - telnet-server: no bounds checks in nextitem function allows to remotely execute arbitrary code CVE-2020-10188 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid135279; scriptversion"1.6";...

Code injection

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool ABRT does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges...

openSUSE: Security Advisory for srt (openSUSE-SU-2019:2083-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Amazon Linux AMI : glibc (ALAS-2019-1320)

In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...