liblouis: Multiple Vulnerabilities
Background liblouis is an open-source braille translator and back-translator. Description Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
GLSA-202408-31 : protobuf, protobuf-python: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202408-31 protobuf, protobuf-python: Denial of Service A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...
json-c: Buffer Overflow
Background json-c is a JSON implementation in C. Description Please review the CVE identifier referenced below for details. Impact A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. Workaround There is no known workaround at this tim...
libuv: Buffer Overread
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uv__idna_toascii function before reading and manipulating the memory at that address. Impact The overread can resu...
GLSA-202310-14 : libinput: format string vulnerability when using xf86-input-libinput
The remote host is affected by the vulnerability described in GLSA-202310-14 libinput: format string vulnerability when using xf86-input-libinput - A format string vulnerability was found in libinput CVE-2022-1215 Note that Nessus has not tested for this issue but has instead relied only on the...
GLSA-202012-13 : OpenSSL: Denial of service
The remote host is affected by the vulnerability described in GLSA-202012-13 OpenSSL: Denial of service A NULL pointer dereference flaw was found in OpenSSL. Impact : A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function in an application linked against OpenSSL, could...
Mozilla Network Security Service (NSS): Information disclosure
Background The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Description NSS was found to not always perform constant-time operations when working with DSA key material. Impa...
GLSA-202007-43 : TRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-43 TRE: Multiple vulnerabilities Multiple vulnerabilities have been discovered in TRE. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...
GLSA-202003-41 : GNU FriBidi: Heap-based buffer overflow
The remote host is affected by the vulnerability described in GLSA-202003-41 GNU FriBidi: Heap-based buffer overflow A heap-based buffer overflow vulnerability was found in GNU FriBidi. Impact : A remote attacker could possibly cause a memory corruption, execute arbitrary code with the privileges...
GLSA-202003-42 : libgit2: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-42 libgit2: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly overwrite arbitrary paths,...
GNU FriBidi: Heap-based buffer overflow
Background The Free Implementation of the Unicode Bidirectional Algorithm. Description A heap-based buffer overflow vulnerability was found in GNU FriBidi. Impact A remote attacker could possibly cause a memory corruption, execute arbitrary code with the privileges of the process or cause a Denia...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
GLSA-201612-38 : Botan: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201612-38 Botan: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code wit...
elfutils: Heap-based buffer overflow
Background Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description An integer overflow, in the check_section function of dwarf_begin_elf.c, in the libdw library can lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to open a...
D-Bus, GLib: Privilege escalation
Background D-Bus is a daemon providing a framework for applications to communicate with one another. GLib is a library providing a number of GNOME’s core objects and functions. Description When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the...
GLSA-201401-19 : GMime: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201401-19 GMime: Arbitrary code execution GMime contains a buffer overflow flaw in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h. Impact : A context-dependent attacker could possibly execute arbitrary code or cause a Denia...
GLSA-201209-06 : Expat: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201209-06 Expat: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could entice a user or automated system to open a specially crafted XML document...
Gentoo Security Advisory GLSA 200908-01 (opensc)
The remote host is missing updates announced in advisory GLSA 200908-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200908-01 (opensc)
The remote host is missing updates announced in advisory GLSA 200908-01. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...