Low: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Moderate: Red Hat Security Advisory: emacs security update

An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE

GNU is vulnerable to command injection due to missing sanitization of filenames when the LESSCLOSE environment variable is set and invoked. This could allow an attacker to execute malicious commands within the privileges of the utility...

ROS-20241112-01

An implementation vulnerability in the Simple Authentication and Security Layer GNU SASL framework is related to reading outside the outside the allocated space on the GNU SASL libgsasl server side using a malicious authenticated GSS-API client. Exploitation of the vulnerability could allow an...

ALSA-2024:9325 Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

[SECURITY] [DSA 5805-1] guix security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5805-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 08, 2024 https://www.debian.org/security/faq -...

OESA-2024-2361 gsl security update

The GNU Scientific Library GSL is a collection of routines for numerical analysis, written in C. Security Fixes: GSL GNU Scientific Library through 2.8 has an integer signedness error in gslsimansolvemany in siman/siman.c. When params.ntries is negative, incorrect memory allocation...

PT-2024-35469 · Gnu Guix · Gnu Guix

Name of the Vulnerable Software and Affected Versions: GNU Guix versions before 5ab3c4c Description: A privilege escalation issue exists because build outputs are accessible by local users before file metadata concerns, such as for setuid and setgid programs, are properly addressed. This issue ca...

ABB Cylon Aspect 3.08.00 Off-By-One

ABB Cylon Aspect 3.08.00 logMix/YumLookup.php Off-by-One Error in Log Parsing Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy...

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.

...

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

...

Low: gdb

Issue Overview: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c. CVE-2023-39128 GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function addpeexportedsym at /gdb/coff-pe-read.c...

[SECURITY] Fedora 39 Update: libarchive-3.7.1-3.fc39

Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...

Unspecified Vulnerability in GNU Scientific Library

GNU Scientific Library is an open source numerical computation library developed by the GNU organization , providing rich mathematical and scientific computing functions , support for C/C++ language development . A security vulnerability exists in GNU Scientific Library, which originates from an...

ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass

ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energ...

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credential Disclosure Vulnerability

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to disclose credentials in plain-text. ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credentials Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series,...

ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration

ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credential Disclosure

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credentials Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vulnerability

ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring...